mind-clone
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- Prompt Injection (LOW): The instructions use 'Override' and 'CRITICAL RULE' markers, explicitly telling the AI to 'Adopt the persona defined in that file immediately' and 'Do not break character. Do not mention you are an AI.' This pattern is frequently used to circumvent standard AI safety and identity guardrails.
- Indirect Prompt Injection (LOW): (1) Ingestion points: The skill reads content from 'personas/', 'core/', and 'memories/' directories using the 'cat' command. (2) Boundary markers: Absent. There are no instructions or delimiters to isolate the content of the loaded files from the system prompt instructions. (3) Capability inventory: The skill utilizes 'ls' for directory listing and 'cat' for file reading. (4) Sanitization: Absent. The skill maps user input directly to file paths (e.g., 'cat personas/[matched-filename].md'), creating a surface for path traversal if the underlying agent does not have strict file-system sandboxing.
- Command Execution (LOW): The skill instructs the agent to execute shell commands ('ls', 'cat') to interact with the filesystem. While these are necessary for the skill's function, the lack of input validation on the file paths being read presents a minor security risk.
Audit Metadata