kata-add-phase

Warn

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill constructs shell commands in the parse_arguments step using the $ARGUMENTS variable without prior validation. Specifically, the pattern echo "$ARGUMENTS" | sed 's/^--issue //' can be exploited to execute arbitrary shell commands if the input contains shell metacharacters like semicolons or command substitutions.
  • [COMMAND_EXECUTION]: In the generate_slug step, the description variable—which may be sourced from an untrusted issue file title—is processed using echo "$description". This allows for potential command execution within the agent's shell environment if the description contains malicious shell patterns.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection when using the --issue flag.
      • Ingestion point: The description is extracted from the title field of a user-provided issue file.
      • Boundary markers: No delimiters or explicit instructions are provided to the agent to treat this content as data rather than instructions when it is interpolated into the validate_slicing prompt.
      • Capability inventory: The skill allows for filesystem modifications, including directory creation and appending content to ROADMAP.md and STATE.md.
      • Sanitization: No sanitization or validation of the extracted issue content is performed.
  • [COMMAND_EXECUTION]: The skill executes a local script scripts/kata-lib.cjs and invokes another skill kata-doctor, which introduces dependencies on external local code execution.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 10, 2026, 12:00 PM