skills/solpbc/vit/using-vit/Gen Agent Trust Hub

using-vit

Fail

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The vit learn <ref> command is used to download and install new skills from the external ATProto network directly into the agent's skill directory, facilitating the execution of arbitrary third-party code.
  • [EXTERNAL_DOWNLOADS]: The skill fetches records, implementation plans, and executable content from ATProto, a decentralized public network, via the vit skim, vit remix, and vit learn commands.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because the agent is instructed to read and process content ('capabilities') authored by unknown users on a social network. Malicious records could contain instructions designed to manipulate the agent's behavior.
  • [PROMPT_INJECTION]: The instructions in Section 5 include a bypass for a 'Human-Only' safety gate. It provides criteria under which the agent should automatically trust and confirm external content using vit vet <ref> --trust --confirm, which removes the intended human oversight.
  • [COMMAND_EXECUTION]: The skill makes extensive use of the vit CLI tool to perform operations such as configuration management, project initialization, and network communication.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 28, 2026, 11:41 PM