deeptools

Warn

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/workflow_generator.py is vulnerable to shell command injection. It uses Python f-strings to interpolate user-provided arguments (such as --input-bam or --chip-bams) directly into a generated bash script template without any sanitization or escaping. If an attacker provides an input containing shell metacharacters such as backticks, $(), or semicolons, the commands embedded in that input will be executed in the user's environment when the resulting workflow script is run.
  • [PROMPT_INJECTION]: The skill exposes an attack surface for indirect prompt injection because it processes untrusted external data.
      • Ingestion points: The scripts/validate_files.py script reads and parses the contents of user-provided BAM, BED, and bigWig files to validate their format.
      • Boundary markers: There are no boundary markers or instructions telling the agent to ignore embedded commands within the processed genomic data files.
      • Capability inventory: The skill has the capability to generate and execute shell scripts through the workflow_generator.py script and the instructions in SKILL.md.
      • Sanitization: No sanitization or validation is performed on the data extracted from external files before it is used in logic that influences agent actions or generated script content.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 16, 2026, 10:49 PM