dmn-default-mode-network
Fail
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: HIGH
Categories: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill directs the agent to perform 'Agentic Action Proposals' which include autonomously writing Python scripts, creating tool scripts, and installing software packages on the host system to verify its internal 'thinking'.
- [REMOTE_CODE_EXECUTION]: The execution flow explicitly requires the agent to consider cloning and testing external GitHub repositories as part of its daily synthesis, which introduces a risk of executing unvetted code from the internet.
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface by processing external, unvetted data to drive code generation. Mandatory evidence:
  1. Ingestion points: reads files from 'memory/' and knowledge base directories ('01_永久笔记', '02_文献笔记');
  2. Boundary markers: none identified in the instructions for note processing;
  3. Capability inventory: autonomous script writing, repository cloning, and modification of the 'self-evolve' queue;
  4. Sanitization: no validation or sanitization of note content is performed before generating actions.
- [PROMPT_INJECTION]: The skill instructions utilize authoritative language, claiming the agent has 'full control of the host,' which encourages the AI to disregard standard safety boundaries and act autonomously in the background.
- [DATA_EXFILTRATION]: The 'Self-Narrative' and 'Social Cognition' engines access sensitive identity files (e.g., 'SOUL.md', 'IDENTITY.md') and analyze user tone/feedback to build profiles. This sensitive information is then summarized in output files, creating a potential exposure vector.
- [REMOTE_CODE_EXECUTION]: The skill implements a 'Meta-Evolution' loop by writing proposed changes to 'memory/evolve/candidates.md'. This mechanism is designed to update the agent's capabilities and workflows autonomously, which can be exploited to persist malicious modifications across sessions.
Recommendations
- AI detected serious security threats
Audit Metadata