Verification Before Completion
Pass
Audited by Gen Agent Trust Hub on May 30, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill uses coercive and absolute language to override agent behavior, such as 'If you lie, you'll be replaced' and 'This is non-negotiable.' These patterns resemble jailbreak-style instructions that attempt to establish new mandatory constraints or penalties to bypass standard agent protocols.
- [INDIRECT_PROMPT_INJECTION]: The skill requires the agent to ingest and analyze external data as part of its verification process, creating a vulnerability surface.
  - Ingestion points: SKILL.md (the 'Gate Function', Step 3: 'READ: Full output').
  - Boundary markers: No delimiters or instructions are provided to help the agent distinguish between command output and embedded malicious instructions.
  - Capability inventory: The agent is explicitly instructed to execute shell commands ('RUN: Execute the FULL command').
  - Sanitization: No sanitization or validation logic is defined for the external data being read.
- [COMMAND_EXECUTION]: The skill directs the agent to 'IDENTIFY' and 'RUN' arbitrary shell commands based on its own assessment of what proves a claim. This enables dynamic command execution which, if influenced by untrusted project files or data, could lead to the execution of dangerous or unintended scripts.
Audit Metadata