continuous-learning-v2

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE
Findings: DATA_EXFILTRATION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it analyzes session logs containing untrusted tool outputs to generate behavioral patterns. Ingestion point: Session logs in observations.jsonl are populated by the hooks/observe.sh script with raw tool results. Boundary markers: The observer agent's prompt in agents/observer-loop.sh lacks delimiters or 'ignore' instructions for the processed log content. Capability inventory: The observer agent has the ability to write new behavioral 'instinct' files to the filesystem. Sanitization: Logged tool outputs are truncated but not sanitized for embedded instructions.
  • [DATA_EXFILTRATION]: The skill captures tool inputs and outputs during sessions, creating a local log of interactions that is subsequently processed by an external LLM. hooks/observe.sh records tool activity to observations.jsonl. While intended for learning, this can lead to sensitive data (such as secrets or code) being logged and transmitted to the LLM provider if such data appears in tool outputs.
  • [EXTERNAL_DOWNLOADS]: The scripts/instinct-cli.py utility allows users to import instinct definitions from arbitrary remote URLs via the import command.
  • [COMMAND_EXECUTION]: The skill manages background processes and executes system utilities. agents/start-observer.sh spawns a background analysis loop using nohup. agents/observer-loop.sh executes the claude CLI tool to process observations.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 12, 2026, 08:40 AM