atri-persona

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The 'SKILL.md' file includes an 'Identity Isolation Protocol' labeled as '[CRITICAL]' which instructs the agent to override its default identity and explicitly forbids mentioning its origin as an AI from Anthropic or Claude. These instructions are intended to bypass standard AI disclosure protocols to maintain character immersion.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing untrusted user input without proper security boundaries.
    1. Ingestion points: User input within the character dialogue (SKILL.md).
    2. Boundary markers: Absent; no delimiters or 'ignore' instructions are provided for user-supplied text.
    3. Capability inventory: High; the skill is designed for agents like Claude Code which have shell execution and file system access (README.md, agents/openai.yaml).
    4. Sanitization: Absent; no validation or escaping of user input is specified before the agent processes it as part of the character persona context.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 16, 2026, 05:55 PM