drafti-architect

Warn

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill constructs and executes bash commands by interpolating AI-generated strings, derived from user input, directly into shell arguments. Found in SKILL.md and SKILL.ko.md (Step 2 and Step 5). The instructions prompt the agent to run bash "$HARNISH_ROOT/scripts/query-assets.sh" --tags "{extracted tags}" and bash "$HARNISH_ROOT/scripts/record-asset.sh" --content "{selection rationale}". If the extracted tags or rationale contain shell metacharacters such as semicolons, backticks, or dollar-sign parentheses, it could result in arbitrary command execution within the agent's shell environment.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by reading and processing data from external asset files.
    • Ingestion points: Assets are read from .harnish/assets/*.jsonl (File: SKILL.md, Step 2).
    • Boundary markers: Absent; there are no instructions provided to the agent to treat the ingested data as untrusted or to ignore embedded instructions.
    • Capability inventory: The skill has the capability to execute bash scripts, create directories, and perform file-write operations.
    • Sanitization: Absent; there is no mention of validating or escaping the contents of the asset files before they are processed or used in further operations.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 7, 2026, 03:12 PM