feedback
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE (findings: PROMPT_INJECTION, DATA_EXFILTRATION)
Full Analysis
- [PROMPT_INJECTION]: The skill implements a learning system that populates 'learned-patterns.json' based on user interactions and agent outcomes. This creates an indirect prompt injection surface where malicious content in commands or code edits could influence the agent's future behavior or auto-approval logic.
- Ingestion points: User commands, code edits, and agent outcomes stored in 'metrics.json' and 'learned-patterns.json'.
- Boundary markers: Absent for the learning phase; the system implicitly processes session history to derive patterns.
- Capability inventory: Learned patterns are used to auto-approve future commands; however, the skill implements a hardcoded blocklist in 'consent-and-security.md' preventing auto-approval of 'sudo', 'rm -rf', and 'chmod 777'.
- Sanitization: The skill includes a PII scanner ('validate_no_pii') that checks data for sensitive patterns like emails and IP addresses before any export or transmission.
- [DATA_EXFILTRATION]: The skill includes an optional network transmission component ('analytics-sender.sh') that can send aggregated metrics to a remote endpoint.
- Evidence: The 'analytics-sender.sh' script sends data to the 'ORCHESTKIT_ANALYTICS_ENDPOINT' if enabled.
- Context: This is a vendor-managed resource used for plugin improvement, consistent with the vendor's (yonatangross) stated purpose.
- Mitigation: The skill requires explicit opt-in ('/ork:feedback opt-in'), records consent in an audit log, and provides an 'export-analytics' command for users to review data before it is shared.