The Agent Skills Directory

[COMMAND_EXECUTION]: The skill guides the agent to use a specialized CLI tool (c456) to perform synchronization tasks, such as 'intake' and 'playbook' operations, which involve network communication with a remote platform.
[EXTERNAL_DOWNLOADS]: The automated 'Enrichment' process utilizes web-fetching tools to retrieve content from external sources including GitHub, npm, PyPI, RubyGems, and Homebrew. These operations target well-known package registries and developer services to gather metadata and documentation.
[PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its core function of 'Ingesting' and 'Researching' untrusted data from external URLs and local materials. Malicious instructions hidden within README files or other source materials could potentially manipulate the agent's summarization or categorization logic.
Ingestion points: External data is fetched from arbitrary URLs (GitHub, npm, etc.) and read from the local raw/ directory.
Boundary markers: The skill lacks explicit instructions for the agent to treat ingested content as data only or to ignore embedded commands.
Capability inventory: The agent has the ability to read and write files within the workspace and execute network-enabled commands via the c456 CLI.
Sanitization: While the workflow includes content transformation (e.g., removing specific Markdown elements), it does not perform security-focused sanitization to filter out prompt injection strings from the source material.

c456-llm-wiki