The Agent Skills Directory

[INDIRECT_PROMPT_INJECTION]: The skill provides templates for creating providers and skills where user-supplied strings (e.g., provider names, action descriptions) are interpolated into shell scripts and YAML frontmatter. Ingestion points: User inputs from the requirement gathering phase are used to populate file paths and script contents in the generated provider structure. Boundary markers: The templates lack delimiters or specific instructions to the agent to disregard instructions potentially embedded within user-provided strings. Capability inventory: The skill involves file system operations (creating directories and files via PowerShell/Bash) and network communication (Python handler templates using the requests library). Sanitization: No validation or sanitization of input parameters is demonstrated in the templates, creating a surface for command or prompt injection if the agent executes the resulting scripts with untrusted data.
[DATA_EXPOSURE_AND_EXFILTRATION]: The documentation includes multiple references to local project files using the file:// protocol (e.g., file:///c:/Projects/cmps/atlasclaw/docs/PROVIDER_GUIDE.md). While these serve as informational links in a development guide, the use of the file:// protocol represents a potential exposure vector if an agent can be manipulated into accessing sensitive local system files via similar URIs.

create-provider