skills/broomva/skills/checkit/Gen Agent Trust Hub

checkit

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFE | PROMPT_INJECTION | DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill implements a 'no-ask-back' policy that explicitly overrides standard agent behavior for seeking user clarification. It instructs the agent to 'Never ask "what do you want me to do with this?"' and to 'file proactively, report after' when processing artifacts. This removes a critical human-in-the-loop verification step, allowing the agent to proceed with research and documentation based solely on its own inference of potentially untrusted input.
  • [DATA_EXFILTRATION]: The skill's workflow involves snapshotting active work (branches, PRs) and searching internal knowledge bases before performing external research. There is a risk that sensitive details from this local context could be included in queries sent to external search engines or web services during the 'Deep research' phase, leading to unintended data exposure.
  • [PROMPT_INJECTION]: The skill is inherently vulnerable to indirect prompt injection due to its core function of processing untrusted external data with high autonomy.
      • Ingestion points: The skill is triggered by URLs, repositories, academic papers, and files provided by users or external sources (SKILL.md).
      • Capability inventory: The agent can search internal notes, perform network-based research, and write new notes or entities to the workspace (referenced as 'P6 proactive bookkeeping').
      • Sanitization: While the skill mandates verifying URL integrity, it lacks instructions for sanitizing or escaping the content of the artifacts before they are analyzed or integrated into the knowledge base.
      • Boundary markers: The skill does not define clear delimiters or instructions to treat the ingested artifact content as data separate from the agent's instructions.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 29, 2026, 02:41 AM