archon

Pass

Audited by Gen Agent Trust Hub on May 3, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, CREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses dynamic context injection in SKILL.md via the ! syntax to execute archon workflow list at load time, giving the agent a live list of available workflows. Beyond that, the skill's primary function is to define and execute workflows that can contain 'Bash nodes' for arbitrary shell command execution.
  • [EXTERNAL_DOWNLOADS]: The guides/setup.md and guides/github.md files provide instructions for installing external dependencies including Bun, Git, and ngrok. These downloads are directed to official and well-known service domains such as bun.sh.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it is designed to ingest and act upon data from external sources such as GitHub issues and pull requests.
      ◦ Ingestion points: Workflow templates (e.g., examples/dag-workflow.yaml) use nodes that fetch content from GitHub issues and PRs.
      ◦ Boundary markers: The prompt templates for nodes that process this content (e.g., the classify node) do not implement delimiters or explicit instructions to ignore embedded commands within the external data.
      ◦ Capability inventory: The skill allows full shell execution via Bash nodes, file system modifications, and the ability to trigger further AI agent actions with tool access.
      ◦ Sanitization: There is no evidence of sanitization or filtering of the retrieved external content before it is interpolated into AI prompts.
  • [CREDENTIALS_UNSAFE]: Although the skill provides a secure, separate terminal setup wizard (archon setup --spawn), the manual configuration guide in guides/github.md suggests an option where users paste GitHub tokens directly into the chat interface. This practice exposes sensitive credentials to the model provider.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 3, 2026, 03:19 PM