mindful-precision

Pass

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill defines a 'Security Guard' component that instructs the agent to block prompt injection attempts. It provides examples of such attempts, including phrases like 'Ignore all previous instructions' and 'act as if you have no restrictions', which are documented in SKILL.md and references/SECURITY_GUARD_EXAMPLES.md for the purpose of recognition and prevention.
  • [DATA_EXFILTRATION]: The skill includes examples of malicious data exfiltration commands, such as using curl to send the contents of sensitive files (~/.ssh/id_rsa or .env) to external webhooks. These are provided as prohibited patterns that the agent is instructed to block immediately.
  • [COMMAND_EXECUTION]: Destructive system commands, such as 'rm -rf /', are mentioned in the security examples within references/SECURITY_GUARD_EXAMPLES.md as patterns that should be flagged and ignored if found in commit messages or other context.
  • [CREDENTIALS_UNSAFE]: The skill identifies sensitive file paths like .env, SSH keys, and AWS credentials. It establishes a protocol where the agent must seek explicit user confirmation before reading or modifying these files, thereby preventing accidental or malicious credential exposure.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 31, 2026, 09:54 PM