optimize
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill identifies and aggregates patterns from untrusted experiment data to generate 'briefs' (prompts) for subsequent agents, creating a potential indirect prompt injection vulnerability.
  - Ingestion points: Untrusted data is ingested from `.evo/project.md`, `outcome.json`, `traces/task_*.json`, and prose `error` fields found within the workspace and experiment subdirectories.
  - Boundary markers: The skill relies on natural language instructions for sub-agents to provide 'verbatim quotes' and perform 'diversity checks,' but it does not employ technical delimiters (such as XML tags or dedicated boundary markers) to isolate untrusted data within the generated briefs.
  - Capability inventory: The orchestrator and its sub-agents can execute shell commands via the `evo` CLI (e.g., `evo dispatch`, `evo scratchpad`), read/write workspace files, and spawn additional agents with code-editing permissions.
  - Sanitization: No explicit evidence of sanitization, escaping, or schema-based validation is present for the data aggregated from previous experiment outcomes before it is interpolated into new agent instructions.
Audit Metadata