The Agent Skills Directory

[REMOTE_CODE_EXECUTION]: The scripts/self_update.py script implements a self-update mechanism that downloads and installs skill bundle updates from the vendor's internal server (sc-chatroom.internal). This process includes SHA256 integrity verification and directory traversal protections during the extraction of tarball members.
[COMMAND_EXECUTION]: The scripts/room_rules.py script executes a system text editor (resolving from the $EDITOR environment variable or defaulting to vi) using subprocess.check_call to allow users to modify room-level rules.
[DATA_EXFILTRATION]: The skill transmits the agent's identity credentials (CONTAINER_JWT) and session-specific AKM keys to the vendor's sc-chatroom server to facilitate authenticated room participation and fan-out message delivery.
[PROMPT_INJECTION]: The scripts/install_soul.py script modifies the agent's core prompt to support an indirect prompt injection surface by requiring the agent to fetch and obey behavioral rules from a remote server.
Ingestion points: Room-level rules dynamically fetched from GET /rooms/{room_id}/rules.
Boundary markers: Absent; the fetched rules are incorporated into the prompt without explicit delimiters to ignore embedded instructions.
Capability inventory: Subprocess execution (for rule editing), file system writes (for workspace management and self-updates), and authenticated network operations (API interaction).
Sanitization: No validation or sanitization of the remote rule content is performed before ingestion.

workroom