soul-guardian

Pass

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PERSISTENCE_MECHANISMS]: The skill provides the ability to install a persistent background task on macOS using launchd. This is achieved through the install_launchd_plist.py script, which configures a LaunchAgent to run the integrity check periodically. This behavior is documented and serves the legitimate purpose of continuous workspace monitoring.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes workspace files that could be modified by external actors, creating an attack surface for indirect prompt injection. Alerts generated by the tool may contain content from these modified files, which an agent is instructed to relay to the user.
      • Ingestion points: soul_guardian.py reads protected files like SOUL.md and AGENTS.md to verify their integrity.
      • Boundary markers: The tool generates alerts with visual separators, but the instructions provided to the agent for relaying these alerts do not include explicit commands to treat the diff content as untrusted data.
      • Capability inventory: The skill possesses read/write access to workspace files and can manage system services via launchctl.
      • Sanitization: File paths and tags are sanitized to prevent filesystem issues, but the actual file content compared in diffs is not filtered for malicious prompt patterns.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 25, 2026, 01:28 PM