kairos-lite

Warn

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides instructions to schedule persistent background tasks using cron via an external manager script (crontab-manager.py). While this facilitates the intended monitoring functionality, it establishes a persistence mechanism across user sessions.
  • [COMMAND_EXECUTION]: The monitoring instructions in monitor-prompt.md contain complex Python logic for querying the learning.db SQLite database and scanning the filesystem for stale memory files. The agent is instructed to execute these generated scripts directly to aggregate health data.
  • [PROMPT_INJECTION]: The skill creates an indirect prompt injection surface by ingesting untrusted data from external sources (GitHub PR titles, issue descriptions, CI run names) and including them in structured briefings that the agent is expected to read at session start.
    • Ingestion points: Data enters via the gh CLI tool in monitor-prompt.md (Phases 2 and 3).
    • Boundary markers: External data is placed in markdown bullet points within the briefing, but no explicit boundary delimiters or instructions to ignore embedded commands are present.
    • Capability inventory: The skill utilizes Read, Write, Bash, and WebFetch tools, and the instructions require the execution of arbitrary shell and Python commands.
    • Sanitization: There is no evidence of sanitization, escaping, or filtering for external content before it is interpolated into the briefing file.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 30, 2026, 12:34 PM