skills/jgabor/agentera/optimera/Gen Agent Trust Hub

optimera

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFE
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests a wide variety of untrusted project data, including README files, codebase manifests, and existing source files, to formulate optimization hypotheses. This creates a surface where malicious instructions embedded in the project could influence the agent's behavior.
      • Ingestion points: Reads README.md, CLAUDE.md, AGENTS.md, and project source files in the Orient and Hypothesize steps.
      • Boundary markers: No explicit delimiters are used when the agent processes these external files.
      • Capability inventory: The skill can execute arbitrary shell commands via the implementation sub-agent and the measurement harness, perform file writes, and manage git operations.
      • Sanitization: No explicit sanitization or filtering of external content is described before it is used to generate new code or hypotheses.
  • [DYNAMIC_EXECUTION]: The skill's core workflow involves the agent writing a custom 'eval harness' script, which is then marked executable and run locally. This is a high-risk capability because it executes agent-generated code.
      • Evidence: The Brainstorm phase explicitly instructs the agent to write a script to .agentera/optimera/<objective-name>/harness, which is then made executable with chmod +x and run in Step 2b and Step 5b of the optimization cycle.
  • [COMMAND_EXECUTION]: The skill relies on several external CLI tools for its measurement and regression steps, including git, docker, hyperfine, wrk, and language-specific test runners.
      • Evidence: SKILL.md references the use of git, docker, hyperfine, wrk, ab, npm, pytest, go test, and cargo test for benchmarking and verification.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 30, 2026, 07:28 AM