conductor-dev

Pass

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • Prompt Injection (LOW): The skill contains directives that instruct the agent to ignore specific external instructions and to prioritize locally stored 'lessons.'
    Evidence: Implementation Directive 3 in SKILL.md tells the agent to disregard unit test instructions from track plans or project workflows. Directive 6 and the workflow in cycle.md require the agent to read and explicitly display content from conductor/learning.md and SESSION_STATE.json at the start of every task.
    Indirect Prompt Injection Surface:
      1. Ingestion points: conductor/learning.md, SESSION_STATE.json, TASKS.md.
      2. Boundary markers: None specified.
      3. Capability inventory: run_shell_command (for codelinter and hvigorw), read_file, and replace.
      4. Sanitization: None mentioned for the ingested data.
  • Obfuscation (LOW): The template file assets/conductor-template/tracks.md contains characters that appear to be null-byte or UTF-16 encoded (e.g., # Pro...), which matches patterns for Unicode-based obfuscation described in Category 3. While likely a benign encoding error, this can be used to bypass simple text-based security filters.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 19, 2026, 08:45 PM