karpathy-wiki-capture

Warn

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on executing local shell commands (bin/wiki, mv, ls, grep) to perform its core functions. It instructs the agent to assemble command strings using variables derived from conversation or user input.
  • Evidence: echo "$BODY" | bin/wiki capture --title "<one-line title>" in SKILL.md.
  • Evidence: mv <subagent-report-path> <wiki>/inbox/<basename> in SKILL.md.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests and processes untrusted data from both user conversations and subagent report files.
  • Ingestion points: The $BODY variable (derived from chat) and external report files specified by <subagent-report-path> (found in SKILL.md).
  • Boundary markers: No specific delimiters or instructions to ignore embedded instructions are provided in the command templates.
  • Capability inventory: The skill has the ability to execute shell commands (bin/wiki), move files (mv), and list directory contents (ls).
  • Sanitization: There are no instructions or automated steps to sanitize the input data before it is passed to the shell or written to the wiki infrastructure.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 11, 2026, 11:31 AM
Security Audit — agent-trust-hub — karpathy-wiki-capture