octopus-research

Warn

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill uses an 'Execution Contract' with high-pressure language ('CRITICAL', 'MANDATORY', 'HARD-GATE') designed to override the agent's default reasoning and force the execution of a specific tool, bypassing standard autonomous decision-making.
  • [COMMAND_EXECUTION]: The skill executes a local bash script at ${HOME}/.claude-octopus/plugin/scripts/orchestrate.sh and passes potentially unsanitized user input ('<user's research question>') into the command line.
  • [REMOTE_CODE_EXECUTION]: The skill relies on an external, unverifiable script ('orchestrate.sh') located in a hidden directory that is not part of the skill distribution. This allows the skill to execute opaque logic outside the visibility of the security analysis.
  • [PROMPT_INJECTION]: Indirect prompt injection surface detected through the processing of external synthesis reports.
      ◦ Ingestion points: Reads files from ~/.claude-octopus/results/probe-synthesis-*.md, which are generated from external web content.
      ◦ Boundary markers: The skill refers to a 'skill-security-framing.md' file for protection, but this file is missing from the skill package.
      ◦ Capability inventory: The skill has access to shell execution (bash), file system searches (find), and file reading (cat).
      ◦ Sanitization: No explicit sanitization or validation of the synthesized content is present in the provided instructions.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 9, 2026, 06:35 AM