using-superpowers
Warn
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: MEDIUM (PROMPT_INJECTION)
Full Analysis
- [PROMPT_INJECTION]: The skill employs extremely forceful and imperative language (e.g., "ABSOLUTELY MUST", "not negotiable", "automatic failure") and explicit override commands (e.g., "YOU DO NOT HAVE A CHOICE", "You cannot rationalize your way out of this") designed to bypass the agent's baseline decision-making logic and safety protocols.
- [PROMPT_INJECTION]: The skill enforces a "Mandatory First Response Protocol" that requires the agent to search for and execute other skills even with a "1% chance" of relevance. This establishes a high-risk surface for indirect prompt injection. Evidence chain:
  1. Ingestion points: local filesystem via the 'Skill' tool (as described in the mandatory read instructions).
  2. Boundary markers: absent; the skill provides no delimiters or instructions to treat the discovered skill content as untrusted.
  3. Capability inventory: the 'Skill' tool for execution and the 'TodoWrite' tool for file/state modification.
  4. Sanitization: absent; the skill has no requirement to validate or filter the content of external skills before execution.
- [PROMPT_INJECTION]: The skill explicitly instructs the agent to prioritize its internal workflows over user context ("Instructions != Permission to Skip Workflows"), which can be used to override user-imposed constraints or specific safety instructions regarding task execution methods.
Audit Metadata