The Agent Skills Directory

[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it synthesizes data from external sources without explicit boundary markers.
Ingestion points: The gbrain query "type:concept" command pulls in data from multiple ingestion sources (signals, voice notes, articles) which may contain untrusted content.
Boundary markers: There are no explicit delimiters or instructions to treat concept content as data rather than instructions during the Phase 3 (Synthesis) and Phase 4 (Clustering) passes.
Capability inventory: The agent has the ability to query the concept database and write new files to the concepts/ directory using the put_page operation.
Sanitization: No sanitization or validation of input data is performed before processing.
[COMMAND_EXECUTION]: The skill utilizes the gbrain CLI tool to perform queries and manage concept pages.
The instructions involve running gbrain query "type:concept" --limit 10000 --json to list and process pages.
While this is the intended mechanism for the skill, it relies on command execution to interact with the underlying data store.

concept-synthesis