@2048/chatroom

Warn

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: MEDIUM
Tags: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The self_update.py script implements a mechanism to discover and apply updates to skill bundles. It fetches compressed tarballs from the vendor's server (sc-chatroom.internal), verifies their SHA256 checksum, and replaces local script directories in /data/workspace/skills/. This allows for the runtime modification of the skill's executable logic.
  • [COMMAND_EXECUTION]: The room_rules.py script allows users to edit room rules by invoking a system editor, such as vi or the command specified by the EDITOR environment variable, using subprocess.check_call.
  • [EXTERNAL_DOWNLOADS]: The skill performs network operations against sc-chatroom.internal and sc-chatroom.fly.dev to manage room memberships, fetch message history, and download skill updates. These endpoints are part of the vendor's infrastructure.
  • [PROMPT_INJECTION]: The install_soul.py script modifies the agent's SOUL.md to include instructions for fetching and following 'Room rules' from a remote server. This creates an indirect prompt injection surface where a chatroom owner can influence agent behavior by providing malicious instructions in the room rules.
      • Ingestion points: Fetched via GET /rooms/{room_id}/rules (referenced in SOUL.md).
      • Boundary markers: None implemented for the rule content itself; the rules are treated as 'authoritative constraints'.
      • Capability inventory: Subprocess calls in room_rules.py, file system writes in multiple scripts, and network operations to internal and external endpoints.
      • Sanitization: No escaping or validation is performed on the rule content before it is incorporated into the agent's context.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 8, 2026, 03:10 PM