pptx
Warn
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The SKILL.md instructions for Phase 2 direct the agent to execute a dynamically generated Python script using the shell command python3 tmp/<name>-build.py.
- [REMOTE_CODE_EXECUTION]: The skill operates by programmatically assembling executable Python code at runtime, which is then executed via a subprocess. This dynamic generation of script files based on session logic is a high-risk pattern for arbitrary code execution.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection (ingestion point: user-provided topic/description in SKILL.md). It uses this untrusted data to design content which is subsequently used to write a Python build script. Because the skill lacks instructions for input sanitization or the use of boundary markers (sanitization: absent; boundary markers: absent), a malicious user could potentially inject arbitrary Python commands into the generated script that the agent then executes (capability: subprocess execution).
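The three findings describe one mechanism: user-supplied text is spliced into Python source that is then run with python3. The following is an added illustration of that mechanism, not code from the audited skill. The template strings, the constructed attacker topic and the helper names (render_unsafe, render_safe, statement_count, run_generated) are assumptions made for the example; the skill's actual build script is not shown on this page.

```python
import ast
import subprocess
import sys
import tempfile
from pathlib import Path

# Constructed attacker-controlled "topic" (not taken from the audited skill).
# It closes the double-quoted literal a naive template opens, appends a
# statement of its own, then reopens a literal so the line still parses.
INJECTED_TOPIC = 'Q3 Results"; print("INJECTED"); _ = "'


def render_unsafe(topic: str) -> str:
    """The pattern the audit flags: untrusted text spliced into Python source."""
    return f'TITLE = "{topic}"\nprint(TITLE)\n'


def render_safe(topic: str) -> str:
    """Hardened form: emit the value as a Python literal via repr(), which
    escapes quotes, backslashes and newlines, so the text can never end the
    literal and become code. Passing the data out of band (e.g. a JSON file
    the fixed script reads) is the stronger design; repr() is the minimal fix."""
    return f"TITLE = {topic!r}\nprint(TITLE)\n"


def statement_count(source: str) -> int:
    """Cheap pre-execution check: this template should parse to exactly two
    top-level statements; any more means data has become code."""
    return len(ast.parse(source).body)


def run_generated(source: str) -> list[str]:
    """Write the script to a temp file and run it the way the skill does
    (python3 <path>), returning the lines it printed."""
    with tempfile.TemporaryDirectory() as tmp:
        path = Path(tmp) / "deck-build.py"  # stand-in for tmp/<name>-build.py
        path.write_text(source, encoding="utf-8")
        out = subprocess.run([sys.executable, str(path)], capture_output=True,
                             text=True, check=True)
    return out.stdout.splitlines()


if __name__ == "__main__":
    # Unsafe: the payload runs. Safe: the same text is just the slide title.
    print("unsafe:", run_generated(render_unsafe(INJECTED_TOPIC)))
    print("safe:  ", run_generated(render_safe(INJECTED_TOPIC)))
```

A practical gate for an agent that must generate scripts is the statement_count check (or a stricter AST comparison against the template): refuse to run any generated file whose parsed structure differs from what the template is supposed to produce, rather than relying on the prompt to "sanitize" the topic.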
Audit Metadata