skills/q00/ouroboros/publish/Gen Agent Trust Hub

publish

Warn

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Data from local Seed files is interpolated into shell commands. Arguments like --title and --label for the gh CLI are populated with unescaped content from YAML/JSON fields, creating a risk of command injection if the file content contains shell metacharacters such as backticks or semicolons.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from local files (~/.ouroboros/seeds/ or user paths) and uses it to drive agent behavior. This creates an indirect prompt injection surface where instructions hidden in the Seed's goal or constraints could influence the agent's output or tool usage. Evidence chain: ingestion from seed files, missing boundary markers, capability to execute CLI commands, and absence of sanitization.
  • [COMMAND_EXECUTION]: The skill relies on shell commands (ls, command -v, gh) to interact with the environment. Specifically, the search for recent seeds involves pipe operations that could be susceptible to manipulation if filenames are maliciously crafted.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 1, 2026, 02:45 PM