inbound-opportunity-protocol
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill consists of instructional content for relationship management and architectural research, with no malicious code or scripts detected.
- [COMMAND_EXECUTION]: The instructions guide the agent to use the standard gh CLI tool (e.g., gh api search/users, gh search repos) to verify identity and research repositories on GitHub.
- [DATA_EXFILTRATION]: The skill directs the agent to log interaction data, relationship scores, and architectural findings to local files (e.g., outreach.yaml, campaign.yaml, backflow.yaml). No network exfiltration of this data is directed.
- [PROMPT_INJECTION]: The protocol creates an indirect prompt injection surface by processing external data from emails and websites. Evidence chain: (1) Ingestion points: Phase 1 and 2 involve reading inbound emails and public website content. (2) Boundary markers: No explicit markers or warnings are provided to prevent the agent from obeying instructions embedded in that external content. (3) Capability inventory: The agent has capabilities to write to local YAML files and execute GitHub CLI commands. (4) Sanitization: No sanitization or validation of external data is mentioned before processing.
Audit Metadata