bridge-commons

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Implements a discovery protocol in tool-discovery.md that executes local shell commands (which, cat, echo) and a short Python snippet (python3 -c) to detect the runtime environment and parse configuration files.
  • [PROMPT_INJECTION]: The SKILL.md file defines prompt templates that interpolate untrusted variables such as task_description and scope into instructions for sub-agents, creating a surface for indirect prompt injection.
  • Ingestion points: Untrusted data enters the agent context through the bridge_input schema defined in SKILL.md.
  • Boundary markers: The templates use structural headers (e.g., SCOPE:, TASK:) but do not include explicit instructions or delimiters to ignore adversarial commands embedded within the input data.
  • Capability inventory: Bridges have access to powerful tools including Bash (for CLI execution), Write (for local logging), and Task (for spawning parallel sub-agents).
  • Sanitization: No input validation, escaping, or sanitization logic is specified for the interpolated fields.
  • [DATA_EXFILTRATION]: Defines a protocol for writing audit artifacts and execution logs to the local .outputs/bridges/ directory. No network exfiltration or sensitive data exposure was detected.
Audit Metadata
Risk Level: SAFE
Analyzed: May 9, 2026, 05:42 PM