skills/marcoax/skills/recipe-analizer/Gen Agent Trust Hub

recipe-analizer

Warn

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: MEDIUM (DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
  • [DATA_EXFILTRATION]: The skill hardcodes an absolute file path to a specific user's private directory (C:/Users/angelo.asperti/Desktop/Obsidian/Caricare/llm.wiki/...). This reveals the author's local file structure and could lead to unauthorized file access or errors when the skill is used on different systems.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data from multiple external sources without sanitization or boundary markers.
      • Ingestion points: Reads content from machine_recipes.json, data/silver_serial.csv, and a markdown mapping file.
      • Boundary markers: Absent. The skill does not instruct the agent to distinguish between data and potential instructions embedded within the recipe or mapping files.
      • Capability inventory: The skill has the ability to read from the file system and write multiple report files (HTML, MD, CSV) to the local disk.
      • Sanitization: Absent. There is no requirement to validate or escape data from the technical attributes before it is rendered into the report outputs, which could be exploited if the source data is maliciously crafted.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 22, 2026, 01:32 PM