
resume

Warn

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: MEDIUM

Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides, and instructs the agent to use, several CLI tools (e.g., agent_intake_cli.py, render_cli.py, template_catalog_cli.py) that are executed as subprocesses via python3. Although these tools are part of the skill's intended functionality, together they represent a broad execution surface.
  • [DATA_EXFILTRATION]: The render_cli.py tool, via the template_renderer.py module, is vulnerable to arbitrary local file read. The render_template_bundle function resolves asset paths (markdown, HTML, CSS) directly from the assetRefs field of a template manifest supplied by the user or agent. Because nothing validates that these paths stay within the template directory, a malicious manifest can use absolute paths or parent-directory traversal (e.g., ../../etc/passwd) to read sensitive files from the host system during the rendering phase.
  • [PROMPT_INJECTION]: The skill processes resume materials and project notes from untrusted external sources. This data is extracted via regex in material_intake_adapter.py and used to populate profile fields. If the extracted content contains malicious instructions, it could influence the agent's behavior in subsequent drafting or intake steps, although the impact is limited by the structured nature of the intake workflow.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 8, 2026, 03:16 AM