The Agent Skills Directory

[PROMPT_INJECTION]: Found in SKILL.md. The documentation includes a block of instructions labeled 'CRITICAL' that explicitly commands the agent to treat external file references as 'mandatory instructions'. It further directs the agent to 'Follow references recursively'. This pattern encourages the agent to prioritize content found in project files over its own internal safety constraints and system instructions, creating a significant prompt override risk.\n- [EXTERNAL_DOWNLOADS]: Found in SKILL.md, references/advanced-patterns.md, and references/file-locations.md. The documentation recommends a configuration where the agent fetches instruction sets from remote HTTPS URLs (e.g., GitHub). This practice introduces a risk where an attacker could compromise a remote repository to inject malicious instructions into the agent's context.\n- [COMMAND_EXECUTION]: Multiple files (including SKILL.md, references/advanced-patterns.md, and examples/*.md) contain shell command examples for file system modification, repository cloning, and package management. While intended as guidance for the user, these commands provide a template for persistent environment changes and dependency injection if executed by an agent with shell access.

rules-creation