sync-horizon

Pass

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it ingests potentially attacker-controlled content from an external repository and uses it to drive agent behavior.
      • Ingestion points: Data is pulled from the ../eve-horizon repository, including git commit logs (git log --oneline), markdown plan headers (head -20 docs/plans/*.md), and code diffs.
      • Boundary markers: The prompt templates for 'workers' (Phase 5) do not specify the use of delimiters (e.g., XML tags or triple quotes) or 'ignore' instructions for the content synthesized from the repository.
      • Capability inventory: The agent (orchestrator and workers) has the ability to execute shell commands, read local files, and write updates to skill files and reference documentation.
      • Sanitization: The instructions do not include steps to sanitize or validate the external data before it is interpolated into worker prompts or written to local files.
  • [COMMAND_EXECUTION]: The skill relies on local shell command execution to perform its primary synchronization tasks.
      • Evidence: Uses git log, git diff, ls, head, and cat to inspect the status of the sibling repository ../eve-horizon.
      • Evidence: Executes a local bash script (scripts/check-state-today.sh) to validate the compliance of the updated documentation.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Mar 21, 2026, 06:03 PM