Prompting

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The Standards.md file contains instructions specifically designed to bypass 'Extended Thinking Sensitivity' when disabled, suggesting the use of alternative verbs like 'consider' or 'evaluate' instead of 'think'. This represents a technique to influence agent behavior against intended model constraints.
  • [PROMPT_INJECTION]: The skill architecture is designed for Indirect Prompt Injection by default (Category 8). It ingests untrusted YAML/JSON data and interpolates it directly into prompt templates without sanitization.
  • Ingestion points: Tools/RenderTemplate.ts (via loadData function) and Templates/Data/*.yaml files.
  • Boundary markers: The system suggests using markdown headers for structure in Standards.md, but the rendering engine does not enforce or automatically apply boundary markers or 'ignore embedded instructions' delimiters to interpolated variables.
  • Capability inventory: Tools/RenderTemplate.ts executes subprocesses via Bun.spawnSync, and SKILL.md contains a curl command for local notifications.
  • Sanitization: There is no evidence of input validation, escaping, or sanitization of data variables before they are rendered into the final prompt.
  • [COMMAND_EXECUTION]: The Tools/RenderTemplate.ts script utilizes Bun.spawnSync(['ls', partialsDir]) to dynamically list files in the partials directory. While targeting a directory derived from the script location, this pattern involves spawning a shell-level process to discover resources.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 5, 2026, 07:38 AM