tool-inventory

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides multiple Python scripts (manage_tool_inventory.py, audit_plugins.py, rebuild_inventory.py) designed to scan the local filesystem and manage a registry of executable scripts. The agent is explicitly instructed to execute these discovered scripts in a terminal environment as part of its primary tool discovery and registry maintenance workflow.
  • [PROMPT_INJECTION]: The skill implements strict behavioral instructions called the 'Electric Fence' or 'Architectural Constraints'. These instructions use authoritative language (e.g., 'NEVER', 'ALWAYS', 'MUST') to override default agent behaviors, such as standard filesystem searches, in favor of using the skill's specific semantic database protocol. While intended for operational consistency, they demonstrate the use of overriding directives to control agent logic.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its core discovery mechanism. It automatically ingests and indexes metadata from potentially untrusted files found in the environment.
      • Ingestion points: Documentation and purpose strings are extracted from all Python, JavaScript, and Bash scripts within the plugins/ directory by generate_tools_manifest.py, manage_tool_inventory.py, and rebuild_inventory.py.
      • Boundary markers: Absent. Extracted strings are stored directly in the tool_inventory.json and ChromaDB vector store without delimiters or 'ignore embedded instructions' warnings.
      • Capability inventory: The skill provides tools and instructions for the agent to execute any script found in the registry, creating a direct path from untrusted data ingestion to command execution.
      • Sanitization: None. The content is extracted using raw text parsing or ast.get_docstring and presented back to the agent without validation, allowing a malicious file's docstring to influence the agent's reasoning during discovery.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 3, 2026, 06:09 PM