ce-pov

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses git and python3 via a helper script to manage project profile metadata in a shared directory. This functionality is located in SKILL.md and scripts/repo-profile-cache.py.
  • [EXTERNAL_DOWNLOADS]: The external-evidence-researcher.md agent component is instructed to use web search and fetch tools to gather information from the internet, which is a core part of its technology research function.
  • [DATA_EXFILTRATION]: The skill performs network operations to external domains to retrieve research data and documentation. These requests are restricted to the primary research task and do not involve sensitive credential harvesting.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its processing of untrusted data from the web and project environment.
  • [PROMPT_INJECTION]: Indirect Prompt Injection Analysis:
    1. Ingestion points: User arguments encapsulated in SKILL.md, external web content fetched by the researcher agent, and project source files analyzed by scouts.
    2. Boundary markers: Employs <pov_request> XML-style tags to isolate user input in SKILL.md.
    3. Capability inventory: Subprocess execution (git, python3), file system access, and web search/retrieval tools.
    4. Sanitization: No explicit sanitization, filtering, or instruction-override protection is applied to ingested content.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 29, 2026, 11:33 PM
Security Audit — agent-trust-hub — ce-pov