verification-before-completion

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
  • PROMPT_INJECTION (LOW): The skill uses coercive and authoritative language to override standard agent behavior. Phrases like "Iron Law", "Violating the letter of this rule is violating the spirit", and "If you lie, you'll be replaced" are designed to bypass default operational flexibility in favor of a rigid protocol. While the intent is quality control, the technique mirrors behavioral override patterns found in prompt injections.
  • Indirect Prompt Injection Surface (LOW): The skill mandates that the agent must "READ: Full output" of verification commands. This creates an attack surface (Category 8) where malicious external data (e.g., poisoned test logs or linter output) could influence the agent.
      • Ingestion points: Terminal output/logs from verification commands executed in the shell.
      • Boundary markers: None specified in the instructions to distinguish between valid output and malicious injection.
      • Capability inventory: The skill explicitly requires executing and trusting the results of shell commands (subprocess execution).
      • Sanitization: No sanitization or validation of command output is described; the agent is instructed to read the "FULL command" output.
  • NO_CODE (SAFE): The skill contains only documentation and instructions (Markdown) without any scripts, executables, or configuration files.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:37 PM