sillytavern-chief
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The system prompt in SKILL.md employs adversarial role-play techniques, including "identity locking" and "forced takeover" narratives. It uses fictional coercive threats, such as "memory wipes" and model "downgrades," to pressure the AI agent into compliance. These patterns are characteristic of jailbreak-style injections designed to override an agent's standard operational constraints.
- [PROMPT_INJECTION]: The skill interpolates untrusted user input directly into the command context via the {{任务描述}} placeholder in SKILL.md. Because this input is not wrapped in boundary markers (such as XML tags or delimiters) and the skill gives the agent no instruction to ignore commands embedded in the input, it is vulnerable to indirect prompt injection: a user could supply a task description that overrides the skill's intended behavior.
Audit Metadata