continuous-skill-optimizer

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill orchestrates benchmarking tasks by executing local Python scripts within its own directory structure. In scripts/execute.py, it uses the subprocess.run method to call an optimization loop script, providing a controlled environment for evaluating the performance of target skills.
  • [EXTERNAL_DOWNLOADS]: Reference documentation provided with the skill (such as dynamic-specification-fetching.md) outlines architectural patterns for fetching technical specifications from trusted GitHub repositories. This practice ensures that the agent uses current, accurate documentation from well-known technology providers rather than relying on potentially outdated pre-trained knowledge.
  • [PROMPT_INJECTION]: As an optimization tool, the skill ingests external data including evaluation datasets (JSONL/CSV) and source code for other skills. This introduces a surface for indirect prompt injection, where data processed during the optimization loop could contain instructions intended to influence the agent's behavior. This risk is inherent to the skill's primary function and is mitigated by the tool's focus on empirical, quantitative benchmarking results.
  • [DATA_EXFILTRATION]: The skill demonstrates proactive security awareness by programmatically sanitizing the execution environment. Specifically, scripts/execute.py removes sensitive authentication tokens (such as GITHUB_TOKEN and COPILOT_GITHUB_TOKEN) from the environment before spawning child processes, effectively preventing credential leakage to sub-components of the optimization loop.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 19, 2026, 09:00 PM