The Agent Skills Directory

[COMMAND_EXECUTION]: The skill makes extensive use of the vit CLI tool, executing various commands such as vit init, vit skim, vit ship, and vit remix to perform its tasks.
[EXTERNAL_DOWNLOADS]: The skill facilitates network operations through the vit CLI. Specifically, vit skim fetches records from the ATProto network, and vit beacon probes remote repositories (potentially using git clone or similar mechanisms) to identify project markers.
[PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) because it ingests untrusted data from an external source (ATProto) and incorporates it into the agent's workflow.
Ingestion points: The vit skim command reads records from followed accounts, and vit remix outputs the content of external 'caps' (software capabilities) directly into the agent's context for implementation planning.
Boundary markers: The skill documentation does not specify the use of delimiters or warnings to prevent the agent from following instructions embedded within the ingested 'cap' content.
Capability inventory: The agent has the ability to write to the network via vit ship, modify local configurations via vit config, and generate code/plans via vit remix.
Sanitization: There is no evidence of sanitization or filtering of the external content before it is processed by the agent.
[DATA_EXFILTRATION]: While the skill primarily shares 'software capabilities', the vit ship command publishes data to a public decentralized network. If the agent is tricked into including sensitive information in a 'cap' body, it would result in public data exposure.

using-vit