The Agent Skills Directory

[COMMAND_EXECUTION]: The skill instructions in SKILL.md and SKILL.ko.md (Steps 2 and 7) direct the agent to execute bash scripts while interpolating variables such as {keywords}, {slug}, and {summary}. These variables are sourced from user-provided planning documents. The direct interpolation of these strings into a shell command template (e.g., bash ... --tags "{keywords}") creates a risk of command injection if the strings contain shell metacharacters.
[PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection. 1. Ingestion points: The skill parses external planning documents in Step 1. 2. Boundary markers: No delimiters or instructions to ignore embedded commands are specified for the input document. 3. Capability inventory: The skill can execute local bash scripts and perform file system writes in the docs/ directory. 4. Sanitization: No validation or escaping of the extracted planning data is performed before use in script arguments or file contents.

drafti-feature