persona-evaluator

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFE
Categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to run the npx openpersona command for structural persona audits. This capability is restricted to the specific vendor CLI tool through the manifest's allowed-tools configuration, preventing arbitrary command execution.
  • [EXTERNAL_DOWNLOADS]: The skill relies on the openpersona Node.js package, which is the core framework maintained by the skill's author. This dependency is documented as part of the installation and update process.
  • [PROMPT_INJECTION]: The skill has an inherent attack surface for indirect prompt injection because its primary purpose is to ingest and analyze untrusted data from persona files and remote agent responses.
      • Ingestion points: The agent reads content from persona.json, soul/*.md files, and JSON payloads received from remote agents during the black-box evaluation handshake.
      • Boundary markers: The instructions do not currently specify the use of XML delimiters or 'ignore' directives when passing ingested persona content to the model for semantic scoring.
      • Capability inventory: The skill is granted restricted Bash access (limited to npx openpersona) and standard file Read capabilities.
      • Sanitization: The skill processes prose content (backgrounds, personalities, speaking styles) without technical sanitization, relying on the model's qualitative evaluation according to the provided rubrics.
Audit Metadata
Risk Level: SAFE
Analyzed: May 13, 2026, 12:38 PM