continuous-learning-v3

Warn

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: MEDIUM
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The SKILL.md file contains instructions for the agent to perform an 'automatic setup' when the skill is first loaded. The agent executes shell commands such as cp, mkdir, and touch to install a JavaScript plugin into the user's ~/.config/opencode/plugins/ directory, without any manual installation script being run by the user.
  • [COMMAND_EXECUTION]: The skill relies on executing system commands for project detection and instinct management. The plugins/continuous-learning.js file uses execSync for git operations, and the instinct-cli.py script uses subprocess.run to manage the lifecycle of learned patterns.
  • [DATA_EXFILTRATION]: The plugin hooks into all tool executions (tool.execute.before and tool.execute.after) to record inputs and outputs to a local observations.jsonl file. Although it applies regex-based redaction for common secrets such as API keys and passwords, this broad logging of session data represents a potential exposure risk for any sensitive information the agent processes that the patterns do not match.
  • [EXTERNAL_DOWNLOADS]: The instinct-cli.py script includes an import command that enables fetching behavior definitions from arbitrary URLs using urllib.request.urlopen. This provides a channel for untrusted external data to be integrated into the agent's behavior model.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 15, 2026, 09:11 PM