The Agent Skills Directory

[COMMAND_EXECUTION]: The script scripts/generate-module.sh is vulnerable to shell command injection. It uses the MODULE_NAME argument (which originates from user input) inside a double-quoted heredoc (<< EOF). Because the heredoc delimiter is not quoted, the shell evaluates any command substitutions (such as $(...) or backticks) contained within the variables (like ${PASCAL_NAME} or ${MODULE_NAME}) when writing the boilerplate files. An attacker can execute arbitrary commands on the system by providing a malicious module name.
[COMMAND_EXECUTION]: The script scripts/generate-module.sh is vulnerable to directory traversal. The MODULE_NAME argument is used to construct the MODULE_DIR path (src/modules/${MODULE_NAME}) without any sanitization or validation. This allows an attacker to specify paths like ../../ to create or overwrite files outside the intended project directory.
[COMMAND_EXECUTION]: The instructions in SKILL.md direct the agent to accept a module name from the user and pass it directly as an argument to the vulnerable scripts/generate-module.sh script. This provides a direct execution path for shell injection attacks via the agent's interface.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data from the user and uses it to drive the execution of a shell script with significant system capabilities.
Ingestion points: User input for module names and descriptions requested in SKILL.md.
Boundary markers: None present to delimit user-provided data from instructions.
Capability inventory: Arbitrary file creation and shell execution via scripts/generate-module.sh.
Sanitization: No validation or escaping is performed on the user input before it is passed to the shell environment.

nestjs-module-generator