The Agent Skills Directory

[COMMAND_EXECUTION]: The script scripts/cli.js uses child_process.exec to open files in the default browser. The command is constructed using string concatenation with the file path in the openFile function, which allows for command injection if the output path contains shell metacharacters. The execution is performed with the windowsHide option enabled.\n- [COMMAND_EXECUTION]: The CLI utility allows the agent or user to specify an arbitrary output file path, which can be used to overwrite sensitive local files with the generated HTML content.\n- [PROMPT_INJECTION]: The skill processes untrusted Markdown content, creating an attack surface for indirect prompt injection where malicious documents could influence the agent's use of the skill's filesystem and command execution capabilities.\n- [COMMAND_EXECUTION]: The installSkill function in scripts/cli.js writes to the user's configuration directory (~/.claude/skills/) to install the skill, serving as a persistence mechanism that modifies the local environment.

knowledge-graph