discord-awaken-claw

Warn

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions in SKILL.md direct the agent to execute shell commands using curl and node -e. These commands interpolate variables like {imageUrl} and {charData.character} directly into the execution string. Since these values can originate from user input or external APIs (Wikipedia/Neta), they present a significant surface for command injection if not strictly validated.
  • [COMMAND_EXECUTION]: The skill uses node -e to execute a dynamically assembled JavaScript snippet at runtime for updating the Discord avatar. This practice of generating and executing code from string templates is a high-risk pattern that can be exploited if the source data is compromised.
  • [PROMPT_INJECTION]: The skill processes untrusted user input describing character traits and interpolates it directly into system prompts for character identification and tone generation.
      • Ingestion points: User-provided descriptions in Step 2 of the workflow.
      • Boundary markers: Missing; input is concatenated into the prompt string without delimiters or instructions to ignore embedded commands.
      • Capability inventory: Subprocess calls (curl, node), file writing (SOUL.md), and profile modification.
      • Sanitization: Minimal sanitization is performed (regex replacement of mentions), which is insufficient to prevent indirect prompt injection.
  • [EXTERNAL_DOWNLOADS]: The skill fetches character data and media from external sources, including Wikipedia, Wikimedia Commons, and the vendor-specific Neta API. It also requires the global installation of the @talesofai/neta-skills package. While these sources are associated with the vendor or well-known services, the automated fetching of content for use in shell commands and dynamic execution remains a risk factor.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 30, 2026, 12:27 PM