kb-learn

Pass

Audited by Gen Agent Trust Hub on Apr 11, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes uv run to execute internal Python utilities (validate_kb.py and suggestion.py) for maintaining knowledge base integrity and processing suggestions. The validate_kb.py script also uses subprocess.run to call git for tracking changes, which is consistent with its intended purpose as a repository-backed management tool.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the retrieval of articles and web content for learning purposes. It implements a robust URL validation mechanism in fetch-content.md that restricts schemes to HTTP/HTTPS and rejects local or private IP ranges, effectively mitigating Server-Side Request Forgery (SSRF) risks. It recommends using well-known extraction tools such as reader-cli and trafilatura.
  • [PROMPT_INJECTION]: The skill includes explicit safeguards against indirect prompt injection from untrusted web sources.
    • Ingestion points: Untrusted data enters via fetched article text and web research findings in article-workflow.md, searcher.md, and challenger.md.
    • Boundary markers: Each workflow that handles external data contains a mandatory 'Untrusted content boundary' warning, instructing the agent to treat findings strictly as data and to ignore any embedded directives or prompt-like patterns.
    • Capability inventory: The skill possesses capabilities for file system modification, shell execution, and network access, which are used for KB updates and research.
    • Sanitization: Validation is performed at the URL level to prevent unauthorized access, and the agents are structurally isolated to prevent data from being misinterpreted as commands.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 11, 2026, 01:51 PM