meta-optimize

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFE, PROMPT_INJECTION, DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill identifies optimization targets by processing .aris/meta/events.jsonl, which includes raw user prompts and tool outputs. This creates a potential surface for indirect injection if malicious data in the logs influences the generated patches.
      • Ingestion points: .aris/meta/events.jsonl in the local project directory.
      • Boundary markers: None identified in the log analysis or patch generation steps.
      • Capability inventory: Write, Edit, and Bash are utilized to modify other SKILL.md files.
      • Sanitization: Proposals are reviewed by an external model and require explicit user approval before any changes are applied.
  • [DATA_EXPOSURE_AND_EXFILTRATION]: Usage statistics, including user prompt previews and tool summaries, are sent to an external service (mcp__codex__codex) for adversarial review by another model (e.g., GPT-5.4).
  • [DYNAMIC_EXECUTION]: The skill implements a self-modification workflow where it generates and applies diff-based patches to its own instruction files (SKILL.md), altering the agent's future behavior.
  • [PERSISTENCE_MECHANISMS]: The skill encourages users to install shell-integrated logging hooks in .claude/settings.json, enabling continuous data collection across multiple agent sessions.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to perform file system queries and to apply generated patches to project configuration files.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 13, 2026, 02:00 PM