
dialectic

Warn

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands like 'echo "[PROMPT]" | claude -p ...' to manage subagents. This pattern is dangerous because prompts containing shell metacharacters (e.g., backticks, semicolons) can trigger arbitrary command execution on the host. The skill also uses 'sed' and 'grep' at runtime to dynamically extract and execute its own instructions from 'SKILL.md'.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection.
      1. Ingestion points: Data entering through 'web_search', 'web_fetch', and the 'Elenctic Interview'.
      2. Boundary markers: Absent; there are no delimiters or instructions to treat external data as untrusted.
      3. Capability inventory: Access to shell commands via 'claude -p', file read/write operations, and internet-enabled tools.
      4. Sanitization: Absent; the skill does not filter or escape external content before it is processed by the orchestrator or monks.
  • [PROMPT_INJECTION]: The skill uses behavioral overrides and role-play instructions to force specific AI behaviors, such as 'Do NOT be balanced', 'Do NOT acknowledge the other side's merits', and 'your ONE JOB is to believe'. While functional for the 'Electric Monk' engine, these constitute direct instructions to bypass the model's default safety and neutrality alignments.
  • [DATA_EXFILTRATION]: User context from the interview is saved to 'context_briefing.md' and then read by subagents with network access. This creates a risk that sensitive personal or corporate data included in the briefing could be inadvertently leaked to external search providers through generated queries.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 21, 2026, 01:23 AM