The Agent Skills Directory

[Indirect Prompt Injection] (LOW): The skill creates an attack surface by interpolating unsanitized user inputs into a GitHub issue body intended to be read by another AI agent.
Ingestion points: The gh issue create command in SKILL.md uses variables like [NAME], [PURPOSE], and [THEME] gathered from human input.
Boundary markers: The data is structured in Markdown tables, but there are no explicit delimiters or instructions to the reading agent to ignore embedded commands.
Capability inventory: The skill anticipates that the 'New Oracle' will have the capability to execute commands like /learn, /calibrate, and /awaken based on the content of the issue.
Sanitization: No sanitization or escaping logic is present to prevent malicious strings from being treated as instructions by the downstream agent.
[External Downloads] (LOW): The skill directs the agent to 'learn' from external GitHub repositories (Soul-Brews-Studio/opensource-nat-brain-oracle and Soul-Brews-Studio/oracle-v2). These repositories belong to an organization that is not on the trusted list, meaning their contents have not been verified for safety.

birth