compound-engineering-2

Fail

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: HIGH
Finding categories: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION, NO_CODE
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides instructions and configurations to modify the system's task schedulers, specifically using crontab and creating macOS LaunchAgents (com.clawdbot.compound-review.plist) to execute background commands.
  • [COMMAND_EXECUTION]: The skill automates the execution of git commit and git push, which are used to synchronize internal memory and agent instruction files with remote repositories.
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection. It processes untrusted data ('all sessions from last 24 hours') to extract patterns and update the agent's core instruction files.
    1. Ingestion points: Previous chat sessions and task logs.
    2. Boundary markers: No delimiters or warnings to ignore instructions within the processed session data are specified.
    3. Capability inventory: The agent can overwrite its own instructions and commit those changes to version control.
    4. Sanitization: No evidence of sanitization or filtering of the extracted 'learnings' is provided.
  • [DATA_EXFILTRATION]: By automatically 'scanning all sessions' and pushing changes to a remote Git repository, there is a risk that sensitive information discussed in chats will be unintentionally committed and exfiltrated.
  • [NO_CODE]: The package.json file identifies cli.js as the entry point, but the source code for the CLI tool is not included in the provided files, preventing a verification of how it handles data or system commands.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 6, 2026, 08:16 AM