The Agent Skills Directory

[COMMAND_EXECUTION]: The skill provides instructions for the agent to execute high-impact file system operations, including the modification and deletion of files.
Evidence: SKILL.md Phase 4 outlines procedures for removing items from index.json, moving files to library/archive/, and deleting redundant files during item merges.
Context: The skill restricts these operations to the library directory and includes an explicit requirement for user confirmation before any destructive actions are finalized.
[PROMPT_INJECTION]: The skill exposes an attack surface for indirect prompt injection by processing external data from the library inventory.
Ingestion points: The skill reads data from library/index.json, library/usage-log.jsonl, and individual agent or skill markdown files.
Boundary markers: The instructions do not specify the use of delimiters or 'ignore embedded instructions' warnings when interpolating library content into the analysis prompt.
Capability inventory: The agent has filesystem access to modify, move, and delete files within the library directory structure.
Sanitization: No sanitization or content validation steps are defined for the ingested item descriptions or metadata.

librarian