simmer-setup

Warn

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: MEDIUM
Findings: DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill specifically instructs the agent to search for and read sensitive file paths, specifically .env files and various configuration files (config.json, config.yaml), to extract information about API endpoints and available infrastructure.
  • [COMMAND_EXECUTION]: The skill identifies and extracts local executable scripts (e.g., evaluate.sh, test.*, validate.*) from the workspace and promotes them to the EVALUATOR or VALIDATION_COMMAND fields in the generated setup brief for later execution.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests content from untrusted files and workspaces to infer criteria, contracts, and search spaces without implementing boundary markers or sanitization before passing this data to the orchestrator. For Category 8, ingestion points are identified in the artifact inspection logic (from-file, from-paste, from-workspace), boundary markers are absent in the generated brief, and the capability inventory includes the potential execution of identified scripts.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 14, 2026, 01:30 AM
Security Audit — agent-trust-hub — simmer-setup