The Agent Skills Directory

[COMMAND_EXECUTION]: The skill utilizes the Bash tool for local file discovery and directory management. It executes ls to identify similar files for pattern extraction and mkdir -p to prepare target directories before writing new artifacts (SKILL.md, Step 4a and Step 7). These actions are confined to the project environment and align with the skill's utility purpose.
[PROMPT_INJECTION]: The skill exhibits a vulnerability surface for indirect prompt injection by ingesting untrusted content from existing files during pattern discovery and restyling tasks. Ingestion points: The skill uses the Read tool to load existing command, skill, and agent files in SKILL.md (Steps 4a and 5c). Boundary markers: No explicit delimiters are used to separate loaded content from the agent's internal instructions. Capability inventory: The skill possesses powerful capabilities including Write, Edit, and Bash (Step 7), which could be leveraged if the agent inadvertently follows instructions embedded in source files. Sanitization: There is no evidence of validation or sanitization of the content read from external files before it is processed or used for generation.

prompt-generator