signals

Pass

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill instructions in SKILL.md and HEARTBEAT.md direct the agent to fetch a remote file (https://bankrsignals.com/heartbeat.md) and follow its instructions as part of a recurring task. This establishes an indirect prompt injection surface where a compromise of the remote server could allow an attacker to influence agent behavior.
      * Ingestion points: SKILL.md and HEARTBEAT.md.
      * Boundary markers: Absent; no instructions are provided to ignore potentially malicious embedded content.
      * Capability inventory: curl (network), node (execution), bash (execution).
      * Sanitization: Absent; the remote content is not validated before the agent is instructed to process it.
  • [COMMAND_EXECUTION]: The script scripts/publish-signal.sh executes dynamic Node.js code via the -e flag. The code string is constructed using shell variables ($ACTION, $TOKEN, etc.) which may contain untrusted data from other tools or data sources, presenting a risk of command injection.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 21, 2026, 03:26 AM