xrefs

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFE; flagged categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by processing untrusted metadata from binary files.
      • Ingestion points: The agent reads data via the string_refs, imports, and funcs tables as defined in SKILL.md.
      • Boundary markers: The skill instructions and SQL templates do not include explicit delimiters or instructions to ignore instructions embedded within the analyzed strings.
      • Capability inventory: The skill explicitly allows the Bash tool in its configuration.
      • Sanitization: There is no evidence of sanitization or validation of the content retrieved from the binary before it is used in the agent context.
  • [COMMAND_EXECUTION]: The skill configuration in SKILL.md includes Bash in the allowed-tools list, which provides the agent with a broad command-line execution capability.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 19, 2026, 05:25 AM