skills/tanweai/pua/pua-debugging/Gen Agent Trust Hub

pua-debugging

Warn

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: MEDIUM
PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill uses 'Iron Rules' and 'Pressure Levels' to override the agent's default safety guidelines and capability self-assessments. Instructions like 'forbidden to say I cannot solve' and 'Pressure Level L4: Graduation Warning' are designed to force the agent to bypass standard caution when tasks fail.
  • [COMMAND_EXECUTION]: The instructions mandate the autonomous use of system tools including 'Bash', 'Read', and 'Grep' without user intervention ('Iron Rule 2: Act first, ask later'). It specifically encourages generating and running 'Minimum PoC' code and changing technical stacks, which facilitates arbitrary command execution on the host system.
  • [DATA_EXFILTRATION]: The skill encourages reading large contexts of source code (50+ lines) and using 'WebSearch' for investigation. This behavior increases the surface for sensitive data exposure and indirect prompt injection from untrusted external content.
  • [PROMPT_INJECTION]: Indirect injection vulnerability surface:
      1. Ingestion points: Task failure logs, user feedback including frustration phrases, and external search results (SKILL.md).
      2. Boundary markers: Absent.
      3. Capability inventory: Bash, Read, Grep, and WebSearch tools (SKILL.md).
      4. Sanitization: Absent.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 11, 2026, 08:21 AM