skills/simhacker/moollm/subjective/Gen Agent Trust Hub

subjective

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [Indirect Prompt Injection] (MEDIUM): The 'Natural Language Compilation' section in SKILL.md describes translating untrusted natural language into JS/Python code. Mandatory Evidence: (1) Ingestion points: natural language input for the 'guard' and 'simulate' fields in SKILL.md. (2) Boundary markers: absent. (3) Capability inventory: i_set, i_give, i_take, i_drop (state/inventory modification). (4) Sanitization: absent. Malicious users can potentially inject instructions that bypass the intended first-person logic.
  • [Dynamic Execution] (MEDIUM): The skill documentation explicitly promotes the runtime generation and execution of code snippets (e.g., JS arrow functions and Python lambdas). This facilitates the execution of dynamically created logic, which is dangerous if the generation source is influenced by untrusted data.
  • [Capability Risk] (LOW): The skill metadata specifies 'read_file' and 'write_file' as allowed tools. While not directly exploited in the provided 'i_' function examples, these privileges increase the potential impact of any injection that successfully escapes the intended paradigm's boundaries.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 16, 2026, 12:07 PM