lesson-decision-records

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFE

PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill establishes a mechanism where the agent reads 'Prevention Rules' from lesson files and is instructed to 'Apply' them in its workflow. This design creates a vulnerability to indirect prompt injection if the content of these files is compromised.
    - Ingestion points: Markdown files located in ~/.agents/lessons/ and project-specific .agents/lessons/ directories as specified in SKILL.md.
    - Boundary markers: There are no explicit markers or instructions defined to prevent the agent from treating data inside the lessons as privileged commands.
    - Capability inventory: The agent is authorized to read and write files on the local filesystem.
    - Sanitization: The skill contains no provisions for sanitizing or validating the 'Prevention Rule' content before the agent adopts it as a new rule for behavior.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 9, 2026, 09:17 AM