balatro-mod-dev

Warn

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill grants the agent extensive shell access through its sub-agent architecture. The script-runner and code-writer agents are equipped with the Bash tool to execute temporary scripts and perform system-level development tasks such as syncing mods and creating releases. Additionally, SKILL.md contains bash scripts for repository analysis using git and jq commands.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because several research agents, including mod-pattern-researcher and lovely-patch-researcher, are instructed to read and summarize content from the user's Mods/ directory and third-party configuration files. Maliciously crafted content in these external files could influence the agent's logic or lead to the generation of unsafe code.
    • Ingestion points: Specialists such as mod-pattern-researcher and lovely-patch-researcher ingest data from local third-party mod files and lovely.toml patches as described in references/sub-agents.md.
    • Boundary markers: The agent uses XML-style tags like <objective>, <task>, and <prior_findings> to delineate instructions, which provides some structural separation but is not a complete defense against adversarial content.
    • Capability inventory: The code-writer sub-agent has Write, Edit, and Bash capabilities, and the script-runner has Bash access, creating a vector for injected instructions to affect the local file system or execute code.
    • Sanitization: The skill lacks explicit sanitization or instructions to ignore potential directives embedded in the searched codebases or third-party mod files.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 6, 2026, 09:16 AM