skills/aresbit/matebot/claudeception/Gen Agent Trust Hub

claudeception

Warn

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: MEDIUM
Flags: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The claudeception-activator.sh script, intended for use as a session hook, employs aggressive and imperative steering language such as "CRITICAL", "MANDATORY", and "NON-NEGOTIABLE" to override the agent's default behavior and force it to execute the learning logic after every interaction.
  • [COMMAND_EXECUTION]: The installation instructions require the user to modify the agent's global configuration (settings.json) to execute a shell script on every prompt submit. This script acts as a persistence mechanism that ensures the skill's logic is always active.
  • [EXTERNAL_DOWNLOADS]: The skill instructions mandate using WebSearch and WebFetch to gather information from external websites to incorporate into the generated skills. This introduces a risk of ingesting and codifying malicious instructions from untrusted sources into the agent's permanent knowledge base.
  • [INDIRECT_PROMPT_INJECTION]: The skill's primary function is to ingest session history and external web content to generate new executable skills. This creates a high-risk surface where malicious data can persistently alter agent behavior.
      • Ingestion points: Data enters via WebFetch and WebSearch outputs as well as session logs processed by the SKILL.md logic.
      • Boundary markers: The instructions lack explicit delimiters or technical controls to separate untrusted external content from the generated skill instructions.
      • Capability inventory: The skill has Write access to the local filesystem, enabling it to create new instruction sets, and WebFetch/WebSearch capabilities for external communication.
      • Sanitization: No automated sanitization or verification is present; the skill relies entirely on the model's judgment to identify and exclude sensitive or malicious data.
  • [METADATA_POISONING]: The skill's metadata identifies the author as "Claude Code", which is misleading because the repository and documentation point to a personal GitHub account rather than an official project from the tool's vendor.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 14, 2026, 08:58 AM