The Agent Skills Directory

[COMMAND_EXECUTION]: The script in SKILL.md uses zipfile.ZipFile.extractall() to unpack archives. This method is vulnerable to ZipSlip, a directory traversal attack that allows a malicious ZIP file to write files outside the intended destination directory.
[PROMPT_INJECTION]: The skill processes external data (ZIP files) and has write capabilities, representing a surface for indirect prompt injection. 1. Ingestion points: The unpack function in SKILL.md processes a file at a provided path. 2. Boundary markers: Absent. No verification of the ZIP content or source is performed. 3. Capability inventory: The script has filesystem write access through the extractall method. 4. Sanitization: Absent; the code does not validate archive members for path traversal sequences like '../'.

docstring-zip