The Agent Skills Directory

[PROMPT_INJECTION]: The skill processes metadata from other skills and agents to update the global commands/do.md routing table, which could allow malicious instructions to reach the agent's control context.\n
Ingestion points: The scripts/extract_metadata.py script reads and parses the description field of all discovered SKILL.md and agent markdown files within the repository path provided.\n
Boundary markers: While extracted trigger patterns are wrapped in quotes in the markdown tables, there are no surrounding instructions or delimiters in the generated file to ensure the agent ignores embedded commands if they are extracted as 'triggers'.\n
Capability inventory: The skill uses local scripts for file discovery (scripts/scan.py), metadata extraction, and file modification (scripts/update_routing.py) within the repository scope.\n
Sanitization: None. The extraction logic in scripts/extract_metadata.py uses broad regular expressions to capture any text within double quotes or following 'Use when' clauses. This permits potentially malicious or overriding instructions from an adversarial skill's metadata to be propagated into the central routing configuration.

routing-table-updater