The Agent Skills Directory

Indirect Prompt Injection (LOW): The skill is designed to ingest and promote instruction files from a local directory into the active agent context without content validation.- Evidence:- Ingestion points: Local files located in the versions/ directory.- Boundary markers: Absent; no verification of the integrity or safety of the versioned markdown files.- Capability inventory: File system read, write, and overwrite (specifically targeting SKILL.md).- Sanitization: Absent; the skill blindly copies versioned content to the active skill file.- Dynamic Execution (LOW): The skill facilitates a form of self-modification by overwriting the SKILL.md file with content from alternative versions. While this is the intended primary purpose for version control and rollback, it establishes a mechanism for persistent logic changes based on the contents of the versions/ folder.

version-skill