detecting-memory-leaks

Warn

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The scripts/generate_report.py file contains a generate_script method that creates shell scripts and applies executable permissions using chmod 0o755. This allows the agent to generate and potentially execute arbitrary shell scripts at runtime.
  • [COMMAND_EXECUTION]: The file scripts/setup_environment.sh uses a .sh extension despite containing Python code. While not inherently malicious, this misleading naming can obscure the true nature of the file's execution.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted code files and has the capability to write executable scripts without sanitization.
  • Ingestion points: The skill analyzes code located in ${CLAUDE_SKILL_DIR}/ through its memory leak detection instructions.
  • Boundary markers: There are no explicit markers or instructions to ignore embedded commands in the data being analyzed.
  • Capability inventory: The skill possesses the ability to create executable files (generate_report.py) and has permission to use Bash tools as defined in the allowed-tools frontmatter.
  • Sanitization: The generate_report.py script does not sanitize or escape the content argument before interpolating it into a shell script template.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 19, 2026, 10:18 PM
Security Audit — agent-trust-hub — detecting-memory-leaks