create-ex

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection due to the processing of untrusted external data.
      • Ingestion points: Data is imported from external WeChat and QQ log files, social media screenshots, and user-provided descriptions through wechat_parser.py, qq_parser.py, and social_parser.py.
      • Boundary markers: Absent. External content is interpolated directly into system instructions without protective delimiters or instructions to ignore embedded commands.
      • Capability inventory: The skill and its generated sub-skills utilize Read, Write, Edit, and Bash tools.
      • Sanitization: There is no evidence of sanitization or escaping logic to prevent malicious instructions within the logs from influencing the agent's behavior during persona generation or dialogue.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute internal Python scripts for data analysis and file management. It also dynamically generates new instruction files (SKILL.md, persona.md, memory.md) based on user-provided templates and external data, effectively creating new executable modules at runtime.
  • [EXTERNAL_DOWNLOADS]: The skill documentation encourages cloning the repository from GitHub and lists Pillow as a dependency in requirements.txt. It also references third-party forensic tools for exporting chat data, such as WeChatMsg and PyWxDump.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 9, 2026, 06:08 PM