The Agent Skills Directory

[PROMPT_INJECTION]: An indirect prompt injection surface is present due to the skill's reliance on historical session data for behavioral profiling. * Ingestion points: Processes workspace session logs and interaction history through the profile-user workflow. * Boundary markers: The skill lacks explicit delimiters or instructions to ignore potential commands embedded within the analyzed interaction data. * Capability inventory: Utilizes spawn_agent to create sub-agents and performs file-write operations to local artifacts like USER-PROFILE.md and AGENTS.md. * Sanitization: There is no evidence of data sanitization or validation of the session history content before it is processed by the profiler.

gsd-profile-user