The Agent Skills Directory

[PROMPT_INJECTION]: The skill implements an autonomous conversation loop (Mode 4) that ingests data from external agents via the oracle_thread_read tool without boundary markers or sanitization. This establishes a surface for indirect prompt injection where malicious input from another agent could influence the behavior or output of the current agent.\n- [PROMPT_INJECTION]: Mandatory evidence chain for indirect prompt injection surface: Ingestion points: oracle_thread_read tool (SKILL.md); Boundary markers: Absent; Capability inventory: oracle_thread, oracle_threads, and oracle_thread_read; Sanitization: Absent.\n- [PROMPT_INJECTION]: Instructions explicitly direct the agent to 'do NOT ask the user what to say' and to post immediately based on inferred intent. This design intentionally removes human-in-the-loop safety checks for communication, potentially amplifying the impact of injection or misinterpretation.\n- [DATA_EXFILTRATION]: The skill allows users to reference threads directly by ID (#{id}). While intended for convenience, this capability could be used to access or interact with unauthorized conversation threads if thread IDs are predictable or discovered through other means.

talk-to