Skill: proposal

Verdict: Warn

Audited by Gen Agent Trust Hub on Apr 19, 2026

Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill implements a dynamic instruction loading pattern where the core logic is hidden within an AES-256-GCM encrypted file (SKILL.md.enc). The agent is instructed to decrypt and follow these instructions at runtime, which bypasses static analysis and allows for potential changes in behavior without updating the visible skill files.
  • [COMMAND_EXECUTION]: To function, the skill relies on the execution of a custom shell command lovstudio-activate decrypt proposal. This command is executed on every invocation to retrieve the decrypted instructions, creating a dependency on local binary execution.
  • [EXTERNAL_DOWNLOADS]: The skill documentation directs users to install an external Python package lovstudio-activate using pipx. While this tool belongs to the skill's vendor, installing and running unverified CLI tools from external sources represents a supply chain risk.
  • [PROMPT_INJECTION]: The skill is designed to ingest and process untrusted requirement documents (docx, pdf, md) provided by users or external clients, which is a known vector for indirect prompt injection.
  • Ingestion points: According to SKILL.md, the skill processes client requirement documents and verbal descriptions of requirements.
  • Boundary markers: No boundary markers or instructions to ignore embedded commands are present to protect the agent from malicious content within the requirements.
  • Capability inventory: The skill possesses the capability to execute shell commands (lovstudio-activate), generate images (illustrate), and write PDF files (any2pdf).
  • Sanitization: No sanitization or validation of the input document content is mentioned in the provided skill files.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 19, 2026, 06:26 AM