using-tribal

Fail

Audited by Gen Agent Trust Hub on May 26, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill instructs the agent to autonomously execute programmatic remediations—including running scripts, restarting services, and installing packages—based on the output of the tribal check --json command. In SKILL.md and references/tribal-check-remediation.md, the agent is explicitly directed to "perform it without waiting for the user" for these actions. This pattern allows for unvetted shell execution of instructions generated at runtime.
  • [COMMAND_EXECUTION]: The skill requires the execution of shell commands using the tribal and jq binaries for core functionality, including bootstrapping, configuration, and retrieval.
  • [PROMPT_INJECTION]: The skill has a significant surface for indirect prompt injection (Category 8).
    ◦ Ingestion points: Data enters the context through discover, explore, and get tool calls to the Tribal knowledge base (stored in Postgres).
    ◦ Boundary markers: Absent; there are no instructions to use delimiters or "ignore embedded instructions" warnings when processing retrieved context.
    ◦ Capability inventory: The agent has access to shell execution via Bash(tribal *) and Bash(jq *) and is instructed to follow retrieved guidance as operational principles.
    ◦ Sanitization: Absent; no sanitization or validation of the ingested tacit knowledge is described. The agent is encouraged to "explore liberally" and "proactively use the read tools," making it likely to encounter and follow malicious instructions embedded as engineering "principles". Evidence is in SKILL.md (Read journeys) and references/tacit-knowledge.md.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: May 26, 2026, 03:08 PM
Security Audit — agent-trust-hub — using-tribal