prompt-engineer

Warn

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: MEDIUM
Finding categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill definition in SKILL.md contains multiple directives designed to override the agent's standard cognitive behavior. The metadata description and the instruction body use phrases such as 'Do NOT analyze first', 'Invoke IMMEDIATELY', and 'Do NOT analyze or explore first'. These directives are bypass markers intended to suppress the model's reasoning and safety-checking phases before performing a task.
  • [PROMPT_INJECTION]: The skill's architecture involves processing a large volume of untrusted natural language data (research paper summaries in the 'papers/' directory) to influence the generation of other prompts. This creates a surface for indirect prompt injection, as there is no evidence of sanitization, filtering, or clear boundary markers for this ingested content, yet the skill has the capability to execute commands and modify system prompts.
  • [COMMAND_EXECUTION]: The skill's primary function is to execute a Python module using the command 'python3 -m skills.prompt_engineer.optimize' in the '.claude/skills/scripts' directory. The source code for this module is not included in the analyzed file set, making the actual logic being executed unverifiable. This is particularly concerning as the agent is simultaneously instructed to skip its usual analysis of the task before execution.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 27, 2026, 03:50 AM