voice-apply

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM
Categories: DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • DATA_EXFILTRATION (LOW): The script scripts/voice_loader.py accesses the user's home configuration directory (~/.config/aiwg/voices/). While restricted to a specific application subdirectory, access to the user's home directory is a sensitive operation that should be monitored.
  • PROMPT_INJECTION (MEDIUM): The skill is vulnerable to Indirect Prompt Injection (Category 8) through its ingestion of voice profiles.
      • Ingestion points: The voice_loader.py script reads YAML files from the current working directory (.aiwg/voices/) and the user's home directory. This data is then loaded into the agent's context.
      • Boundary markers: Absent. The SKILL.md does not specify the use of delimiters or 'ignore' instructions when processing these profile values.
      • Capability inventory: The agent uses the loaded profile data to perform content transformations, including 'Perspective Shift' and 'Vocabulary Transformation'.
      • Sanitization: Absent. There is no validation to ensure the YAML content (like descriptions or signature phrases) does not contain malicious instructions.
  • COMMAND_EXECUTION (LOW): The SKILL.md file documents the use of subprocess calls to run scripts/voice_loader.py and scripts/voice_analyzer.py. While these are local scripts provided with the skill, users should ensure the arguments passed to these scripts (like profile names) are sanitized to prevent shell injection.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 01:32 PM