The Agent Skills Directory

[REMOTE_CODE_EXECUTION]: The 'Auto-Skill Synthesis' logic in SKILL.md (Step 6) performs dynamic generation of agent instruction files (SKILL.md drafts) based on content fetched from external, untrusted URLs. This creates a mechanism where remote data can define agent behaviors and tools.
[PROMPT_INJECTION]: The skill is highly vulnerable to indirect prompt injection due to its automated ingestion of external data for synthesis and memory updates. An attacker-controlled webpage or tweet could influence the agent to generate malicious skill drafts or corrupt its internal state.
Ingestion points: External URLs, articles, and tweet content processed in SKILL.md Step 1.
Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the synthesis logic.
Capability inventory: The skill has the capability to write files to the skills/_drafts/, Obsidian/, and memory/ directories, and modify the STRATEGIC_LANDSCAPE.md file.
Sanitization: There is no evidence of content sanitization or validation before the untrusted data is used to generate code or updates.
[DATA_EXFILTRATION]: The skill reads the STRATEGIC_LANDSCAPE.md file, which contains sensitive architectural details and a resource inventory (API keys status, compute resources, agent fleet roles). This sensitive metadata is analyzed in the same context as untrusted external content, creating a risk that this information could be leaked or exfiltrated through compromised agent logic.

Intelligence Ingestion