Skill: skills/nvk/llm-wiki/wiki-manager (Gen Agent Trust Hub)

wiki-manager

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool for administrative and maintenance tasks. Evidence in SKILL.md shows the use of ln -s, mv, and ls for hub path resolution and wiki management. references/ingestion.md documents the use of bunzip2, gunzip, and pdftotext for decompressing archives and extracting text from PDF files. references/projects.md mentions the use of mv and rm -rf for project lifecycle management.
  • [EXTERNAL_DOWNLOADS]: The skill fetches data from various external sources to populate the knowledge base. references/ingestion.md documents the use of WebFetch to download content from arbitrary URLs, including specialized handling for x.com and twitter.com via third-party proxies (api.fxtwitter.com, api.vxtwitter.com). It also fetches archived web snapshots from the Internet Archive's Wayback Machine via the CDX API.
  • [REMOTE_CODE_EXECUTION]: The skill manages external dependencies and executes code to process documents. references/ingestion.md mentions creating temporary Python virtual environments to install and run packages like pypdf, pymupdf, and readability-lxml. references/datasets.md describes 'query recipes' that may involve executing DuckDB SQL, SQLite commands, or Python snippets found within the wiki.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from the web.
    1. Ingestion points: references/ingestion.md documents fetching content from URLs, GitHub repositories, and social media.
    2. Boundary markers: While structured prompts are used in references/research-infrastructure.md, there are no explicit 'ignore embedded instructions' markers to isolate untrusted content during synthesis.
    3. Capability inventory: The skill has access to the Bash, Write, and Edit tools, which could be misused if a malicious instruction from a fetched source is obeyed.
    4. Sanitization: No explicit sanitization or filtering of external content before processing is documented.
Audit Metadata
Risk Level: SAFE
Analyzed: May 16, 2026, 10:35 PM
Security Audit — agent-trust-hub — wiki-manager