
skill-refiner

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION

Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core workflow of processing external, potentially untrusted skill files.
  • Ingestion points: As described in the '修炼流程' (Refinement Process) in SKILL.md and the '诊断流程' (Diagnosis Process) in rules/diagnosis.md, the agent is instructed to read and analyze other skill files.
  • Capability inventory: The skill possesses extensive file-writing capabilities across the '修炼' phase and rules/improvement.md to implement suggested refinements.
  • Boundary markers: The instructions do not define delimiters (e.g., XML tags) or safety prompts to isolate the content of the skills being refined, allowing instructions inside those files to potentially influence the agent's behavior.
  • Sanitization: No sanitization or validation logic is provided to filter malicious instructions within the refined skill content.
  • [COMMAND_EXECUTION]: The skill provides Python-style code templates for scoring and metric calculation in rules/validation.md and rules/diagnosis.md. Although these templates are intended as logical guides, they may lead the agent to execute dynamically generated code or scripts to fulfill the 'Automatic diagnosis' and 'Verification' requirements of the refinement process; this could be exploited if the agent's generation logic is subverted by malicious input from the files being refined.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 9, 2026, 04:55 PM