The Agent Skills Directory

[PROMPT_INJECTION]: The skill uses 'Anti-Simulation Rules' which act as meta-instructions to prevent the agent from skipping steps. These are operational constraints rather than attempts to bypass security filters.
[COMMAND_EXECUTION]: The skill is authorized to use the Bash tool to perform research and execution tasks. This capability allows the agent to interact with the underlying system based on processed instructions.
[REMOTE_CODE_EXECUTION]: The documentation references external components like 'claude-cli-agent' and the ability to delegate to a 'dual-loop' SKILL, indicating dependencies on external code execution environments.
[INDIRECT_PROMPT_INJECTION]: The skill possesses an attack surface for instructions embedded in processed data. Ingestion points: The agent reads historical session state files (snapshot.md), local orientation documents, and research artifacts (learning/ directory). Boundary markers: The workflow uses a phased Iron Chain approach to structure the process, though technical delimiters for untrusted content are not specified. Capability inventory: Access to Bash, Read, and Write tools, and the ability to spawn sub-agents. Sanitization: No explicit validation or filtering logic is defined for content ingested from external files before it is processed by the agent.
[SAFE]: The skill includes 'Strategic Gate' and 'Red Team Audit' phases that require explicit user approval before execution. This Human-in-the-Loop requirement is a significant safety control.

learning-loop