skill-best-practices

Fail

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: HIGH
Finding Category: COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: In SKILL.md, the instruction for Step 1.3 directs the agent to execute a shell command: python3 scripts/validate-metadata.py --name "[name]" --description "[description]". This pattern is susceptible to command injection because the placeholders [name] and [description] are directly interpolated into the command string. If an attacker provides metadata containing shell metacharacters (such as ;, &, |, or backticks), they can break out of the intended command and execute arbitrary code on the host system.
  • [COMMAND_EXECUTION]: The template provided in assets/SKILL.template.md reinforces dangerous patterns by instructing the agent to execute local scripts via shell commands (e.g., Execute python scripts/[script-name].py). Without explicit instructions to sanitize user input before passing it to these scripts, this promotes a workflow that is inherently vulnerable to exploitation through malicious data ingestion.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: May 11, 2026, 11:08 AM
Security Audit — agent-trust-hub — skill-best-practices