riper5-protocol

Pass

Audited by Gen Agent Trust Hub on Apr 6, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill defines workflows that execute shell commands to manage development environments.
  • Evidence: Commands such as git checkout -b, mkdir -p .tasks, touch, git add --all, and git commit are integrated into the mode-based execution logic in SKILL.md.
  • [PROMPT_INJECTION]: The instructions use strong imperative language to override standard agent behavior and enforce a strict internal protocol.
  • Evidence: Directives like "Failure to declare your mode is a serious violation" and "Meta-instruction: Mode Declaration Requirement" are used to mandate behavioral compliance.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface due to its capability to process untrusted data with high-privilege tool access.
  • Ingestion points: The skill reads external files in RESEARCH mode and processes a [用户的完整任务描述] (User Task Description) field in the task file template.
  • Boundary markers: Present in the form of a "WARNING" section in the task file template, but these instruct the agent to protect the protocol rather than sanitizing input data.
  • Capability inventory: The agent has the authority to create files, modify codebases, and execute Git commands across the project.
  • Sanitization: No explicit logic is provided to sanitize, escape, or validate content ingested from local files or task descriptions before it influences the planning and execution phases.
  • Risk Factor: The YOLO_MODE: On configuration allows the agent to execute all planned steps autonomously, significantly increasing the risk that an indirect injection could lead to unauthorized system changes without user oversight.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 6, 2026, 05:11 PM