buff
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- Dynamic Execution (MEDIUM): The skill converts natural language prompts (e.g., 'Character turns green') into executable code closures. This creates a powerful execution surface where any data processed as a 'buff' could potentially execute arbitrary logic within the simulation environment. Evidence: README.md and EFFECTIVE-VALUES.md describe the compilation of 'start', 'simulate', and 'is_finished' hooks into JS/Python closures.
- Metadata Poisoning (MEDIUM): The inclusion of 'skill-snitch-report.md' is a deceptive practice. It presents a pre-completed security audit with a 'SAFE' verdict, which is an adversarial technique used to bypass or influence automated and human security reviews. Evidence: 'skill-snitch-report.md' contains the claim: 'Verdict: ELEGANT UNIFIED SYSTEM. APPROVE.'
- Indirect Prompt Injection (LOW): The skill is vulnerable to indirect prompt injection because it ingests untrusted natural language data to generate executable logic. Ingestion points: buff definitions within YAML state or library files. Boundary markers: absent. Capability inventory: includes 'file_read', 'file_write', and arbitrary code execution via the 'world' object. Sanitization: no evidence of sanitization or sandboxing of the 'compiled' output.
Audit Metadata