The Agent Skills Directory

[CREDENTIALS_UNSAFE]: The file scripts/evolve-soul.md contains a PostgreSQL connection string in a psql command template that includes a hardcoded password (36795379).
[REMOTE_CODE_EXECUTION]: The scripts scripts/evolution_proposal.py and scripts/insight_bundle_b012.py utilize importlib.util to dynamically load and execute internal Python modules (mem.py and evolution_arena.py) from relative file system paths calculated at runtime.
[COMMAND_EXECUTION]: The route_issue_draft operation in scripts/insight_bundle_b012.py generates shell command strings for the GitHub CLI (gh issue create). While intended for drafting rather than immediate execution, this capability involves the construction of shell commands from processed finding data.
[PROMPT_INJECTION]: The skill's 'OBSERVE' pipeline processes untrusted session transcripts to extract behavioral signals, creating an indirect prompt injection surface. Ingestion points: Session transcripts are read in scripts/extract-facets.md. Boundary markers: The extraction procedure does not define delimiters or specific instructions to ignore embedded commands within the transcript. Capability inventory: The skill possesses the ability to perform database writes (db.write) and modify local filesystem artifacts including soul profiles and workflow recipes (fs.write). Sanitization: No explicit sanitization or validation logic is applied to the transcript content before it is processed by the LLM.

skill-system-insight