The Agent Skills Directory

[CREDENTIALS_UNSAFE]: The documentation file scripts/evolve-soul.md contains a hardcoded password '36795379' within a sample PostgreSQL connection string (postgresql://postgres:36795379@localhost:5432/agent_memory).
[REMOTE_CODE_EXECUTION]: The script scripts/insight_bundle_b012.py performs dynamic code execution by using importlib.util to load and run Python modules (mem.py and evolution_arena.py) from dynamically computed file paths.
[COMMAND_EXECUTION]: The skill exposes multiple command execution vectors. scripts/insight_bundle_b012.py generates GitHub CLI commands (gh issue create) via string formatting. Additionally, several procedural files (scripts/evolve-soul.md, scripts/extract-facets.md) provide SQL templates that interpolate untrusted data including user IDs, session IDs, and YAML content into queries, creating a risk of SQL injection if executed by the agent without proper escaping.
[PROMPT_INJECTION]: The skill implements an automated 'Soul Evolution' loop that constitutes an indirect prompt injection surface. It processes untrusted session transcripts to extract behavioral 'facets' which are then used to rewrite the agent's own behavioral instructions in profiles/{user}.md. This allows external input to potentially manipulate the agent's future personality, decision-making heuristics, and communication style.
Ingestion points: The extract-facets operation reads raw session transcripts from the environment.
Boundary markers: The prompts for facet extraction and soul synthesis lack specific delimiters or instructions to ignore embedded commands in untrusted transcript data.
Capability inventory: The skill utilizes fs.write to modify its own instructions and db.write to update its internal soul state.
Sanitization: There is no evidence of sanitization or filtering of transcript content before behavioral signal extraction.

skill-system-soul