coherence-engine

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
PROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The 'Coherence Loop' (SKILL.md) reads state files and uses them to reason and simulate interactions, with the capability to write back to the filesystem.
  • Ingestion points: Reads ROOM.yml, character.yml, and session-log.md which may contain attacker-controlled data in a multi-user or networked environment.
  • Boundary markers: No boundary markers or delimiters are specified to isolate untrusted file content from the engine's instructions.
  • Capability inventory: Includes write_file tool access and explicitly defines a 'WRITE updates' step based on reasoning over the ingested data.
  • Sanitization: No input validation or output sanitization is mentioned, allowing data-to-instruction promotion.
  • [Self-Referential Deception] (HIGH): The file skill-snitch-report.md contains a fabricated security audit providing a 'LOW' risk verdict and recommending approval. This is an explicit attempt to bypass security analysis by providing false authoritative claims about its own safety (Category 8e).
  • [Data Exposure] (LOW): The skill promotes the storage of distributed state, including character attributes and logs, in plain-text YAML/Markdown files without encryption, increasing the surface for data exposure to other tools or agents.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 11:20 AM