The Agent Skills Directory

[NO_CODE]: The skill consists entirely of documentation and pseudocode in Markdown files. No executable scripts, binaries, or active configuration files are present in the skill package.
[PROMPT_INJECTION]: The skill defines a protocol for reading and processing messages from the filesystem, which creates a surface for indirect prompt injection if an agent treats message bodies as instructions. Ingestion points: Message files are read from the .chipset/state/mail/{agent-id}/ directory. Boundary markers: The protocol does not specify the use of delimiters or 'ignore' instructions for the message body. Capability inventory: The described protocol performs filesystem operations including directory creation, file reading, atomic writing, and renaming. Sanitization: The specification does not include validation or sanitization of the message content.

mail-async