post-session

Warn

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: MEDIUM
PROMPT_INJECTION, CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill contains 'Self-Evolving Skill' and 'Post-Execution Reflection' instructions in SKILL.md that direct the agent to modify its own source file. This self-modification capability allows for the persistence of potentially malicious instructions or the bypass of security controls if the agent's logic is influenced during a task.
  • [CREDENTIALS_UNSAFE]: In the Troubleshooting section of SKILL.md, the instruction 'echo $GH_TOKEN' is provided for debugging. This encourages the exposure of sensitive authentication tokens in plain text, which may be captured in logs or command history.
  • [COMMAND_EXECUTION]: The skill defines multiple bash scripts in SKILL.md that use tools like ps, find, grep, and asciinema to manipulate files and monitor processes.
  • [DATA_EXFILTRATION]: The workflow involves pushing data to an external GitHub 'orphan branch.' While functional, this represents a documented data egress point for content derived from terminal recordings.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it ingests untrusted terminal recordings from ~/eon for AI-powered summarization.
      • Ingestion points: Phase 2 and 4 in SKILL.md read .cast and .txt files.
      • Boundary markers: None; external content is passed to tools and the agent without delimitation.
      • Capability inventory: Includes bash execution and writing to the SKILL.md file.
      • Sanitization: No validation or sanitization is performed on the ingested terminal data.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 4, 2026, 09:52 AM