kickoff
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Prompt Injection (LOW): Vulnerable to Indirect Prompt Injection.
  - (1) Ingestion points: User input and file content from the 00_收件箱/ directory are processed by subagents.
  - (2) Boundary markers: Untrusted data is interpolated into subagent prompts without delimiters or instructions to ignore embedded commands.
  - (3) Capability inventory: Subagents can read sensitive notes in 10_日记 and 20_项目, search directories, and create or move files for archiving.
  - (4) Sanitization: No sanitization, escaping, or validation of the external content is performed before processing.
Audit Metadata