Gen Agent Trust Hub security audit of skill: skills/zircote/sigint/augment

Result: Pass

Audited by Gen Agent Trust Hub on Apr 23, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to run jq commands that manipulate JSON state and configuration files. It employs safe patterns: data is passed with jq's `--argjson` rather than interpolated into the filter, and file path slugs are derived through restrictive character filtering, which prevents command injection via user-provided research topics.
  • [PROMPT_INJECTION]: An indirect prompt injection surface is present because the skill ingests and processes research data and user-supplied arguments which are subsequently passed to sub-agents. The skill implements several defensive measures:
    1. Ingestion points: Reads from state.json and $ARGUMENTS.
    2. Boundary markers: Uses <user_input> tags in the prompt for sub-agents to isolate external content.
    3. Capability inventory: Commands include Bash (filesystem modification), Agent (sub-task spawning), and SendMessage.
    4. Sanitization: Truncates arguments to 200 characters and strips potentially dangerous characters like backticks and angle brackets.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 23, 2026, 12:50 PM