The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill instructs users to install plugins and extensions from unverified third-party GitHub repositories (github.com/Q00/ouroboros and github.com/supercent-io/skills-template). These sources are not associated with known trusted organizations and could potentially host malicious code.
[REMOTE_CODE_EXECUTION]: Installation instructions include the use of 'npx skills add' with remote URLs, which executes code from external sources directly on the user's machine.
[COMMAND_EXECUTION]: The provided 'scripts/setup-codex-hook.sh' shell script modifies the local user configuration file '~/.codex/config.toml' and creates files in the user's home directory.
[PROMPT_INJECTION]: The skill possesses a significant indirect prompt injection surface (Category 8) due to its combination of high-privilege tools and external data ingestion. 1. Ingestion points: User-provided topics via 'ooo interview', task descriptions via 'ooo ralph', and external content fetched via 'WebFetch'. 2. Boundary markers: Absent; no instructions are provided to the agent to delimit or ignore instructions within external data. 3. Capability inventory: 'Bash' (shell execution), 'Write' (file modification), and 'WebFetch' (network access). 4. Sanitization: Absent; the skill does not specify validation or sanitization of external content before processing it within the autonomous 'Ralph' loop.

ralph