codify-to-knowhow

Warn

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill dynamically constructs shell commands using unvalidated input from the knowhow-manifest.json file. In phases/03-generate-specs.md, fields such as spec.title, spec.body, and spec.keywords are interpolated directly into a Bash tool call for the maestro spec add command. A maliciously crafted manifest containing shell metacharacters (e.g., backticks, semicolons, or pipe symbols) could execute arbitrary commands on the host system.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted data which is subsequently reflected in the agent's workspace and executed commands.
  • Ingestion points: The skill reads knowhow-manifest.json in phases/01-load-manifest.md, which is described as being generated by potentially untrusted upstream skills.
  • Boundary markers: There are no boundary markers or instructions to the agent to ignore embedded commands within the manifest fields.
  • Capability inventory: The skill utilizes Bash for command execution, and Write/Edit for file system modifications across all phases.
  • Sanitization: The implementation lacks any validation or escaping mechanisms for the manifest's string content before it is interpolated into shell scripts or markdown documentation.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Jun 20, 2026, 03:04 PM
Security Audit — agent-trust-hub — codify-to-knowhow