behavioral-loop-detection

Pass

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill serves as a protective monitoring utility. No malicious code, data exfiltration, obfuscation, or unauthorized remote access patterns were found during the analysis.
  • [COMMAND_EXECUTION]: The skill uses local Node.js scripts for its operational logic and validation hooks. These scripts are invoked via shell commands to process action buffers and enforce safety thresholds.
  • [PROMPT_INJECTION]: The skill evaluates tool arguments provided by agents to detect loops, which represents a potential attack surface for indirect prompt injection.
      • Ingestion points: Monitored tool arguments are passed into the recordAction and normalizeArgs functions in scripts/main.cjs for analysis.
      • Boundary markers: The skill treats ingested arguments as data for similarity calculations; no specific delimiters or ignore-instructions are used to isolate this content from the monitoring logic.
      • Capability inventory: The skill is authorized to use TaskUpdate to mark tasks as completed and can write to local memory files (e.g., learnings.md and issues.md) to maintain state across sessions.
      • Sanitization: A robust normalization process is implemented in normalizeArgs, which uses regular expressions to strip timestamps, absolute file paths, and UUIDs. This prevents minor argument variations from being used to bypass the loop detection mechanism.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 26, 2026, 01:24 PM