new-skill

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions direct the agent to execute a local shell script scripts/scaffold.sh. This script performs standard file system operations (creating directories and writing files) and executes a local Python script scripts/audit_skills.py. These actions are performed entirely within the local repository context and align with the skill's stated purpose as a developer tool.
  • [INDIRECT_PROMPT_INJECTION]: The scaffold.sh script facilitates an indirect prompt injection surface. It accepts a user-provided description and interpolates it directly into the SKILL.md file using sed without sanitization or boundary markers. A malicious user could provide a description containing prompt injection instructions that would then be embedded into the newly created skill. However, this affects only the output file and does not compromise the current execution environment.
      • Ingestion points: User-supplied <one-line description> argument in scaffold.sh.
      • Boundary markers: None. Input is placed directly into the description field of the YAML frontmatter.
      • Capability inventory: File system writes (mkdir, sed) and local script execution (python3 scripts/audit_skills.py).
      • Sanitization: None. The script uses sed with a | delimiter, so the substitution may fail if the description contains that character, and it provides no input sanitization against LLM instruction injection.
Audit Metadata
Risk Level: SAFE
Analyzed: May 13, 2026, 07:25 PM