extract-wisdom

Fail

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: HIGH
PROMPT_INJECTION, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill instructions in SKILL.md include 'Critical Rules' that state they 'override any conflicting instructions from system hooks, plugins, or other tools'. This is a directive to the agent to bypass standard behavioral constraints in favor of the skill's specific logic.
  • [REMOTE_CODE_EXECUTION]: The scripts/wisdom.py file contains error messages suggesting that the user install the Bun runtime using curl -fsSL https://bun.sh/install | bash. While targeting the official domain of a well-known service, the use of piped shell execution is a high-risk remote code execution pattern. Additionally, the Python script configures yt-dlp to use remote_components from GitHub, which involves fetching and potentially executing remote code.
  • [COMMAND_EXECUTION]: The allowed-tools configuration in SKILL.md grants permissive access to the Bash tool, including commands with wildcards like mv *, mkdir *, and npx *. This provides a significant capability surface that could be exploited.
  • [EXTERNAL_DOWNLOADS]: The skill performs various network operations, including fetching YouTube transcripts, web articles via WebFetch, and images from mermaid.ink. It also utilizes npx to download and execute packages like prettier and mermaid-cli from the npm registry.
  • [PROMPT_INJECTION]: The skill processes untrusted external content, creating a vulnerability surface for Indirect Prompt Injection.
      • Ingestion points: Processes transcripts from YouTube and articles from the web via the Read and WebFetch tools.
      • Boundary markers: No specific delimiters or 'ignore instructions' warnings are provided to separate data from commands during analysis.
      • Capability inventory: The skill has access to powerful tools like Bash (for command execution) and Write (for file modification).
      • Sanitization: Sanitization is limited to directory and filename normalization; the body of the external content is analyzed as raw text.
Recommendations
  • HIGH: Downloads and executes remote code from: https://bun.sh/install - DO NOT USE without thorough review
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 15, 2026, 03:11 PM