The Agent Skills Directory

[COMMAND_EXECUTION]: The skill dynamically loads agent instructions and mental models from a local catalog using the lev-catalog CLI (found in skill-discovery/SKILL.md). This involves computing paths to skill definitions (e.g., ~/lev/workshop/poc/skills/domains/...) at runtime based on semantic search results.
[COMMAND_EXECUTION]: Extensive use of shell commands and internal CLI tools (lev, bd, find) to automate directory creation, file indexing, and metadata tracking across the filesystem, including paths within the user's home directory (~/.lev/).
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it ingests and processes untrusted data (user queries, bug reports, and research artifacts) across multi-turn agent chains without explicit sanitization.
Ingestion points: Raw user queries are accepted via the lev cdo command and processed by the router/SKILL.md. Error descriptions are ingested by the debug/SKILL.md workflow.
Boundary markers: The skill does not implement explicit boundary markers or 'ignore' instructions for the interpolated user content within its agent prompts.
Capability inventory: The system possesses high-level capabilities including file system read/write access (tmp/, ~/.lev/), execution of system commands via the lev CLI, and the ability to dispatch secondary agents via the Task tool.
Sanitization: No evidence of input validation, escaping, or filtering was found in the prompt templates or orchestration logic.

lev-cdo