infographic

Pass

Audited by Gen Agent Trust Hub on Apr 27, 2026

Risk Level: SAFE
Finding tags: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. Untrusted user data is ingested during Phase 1.1 in SKILL.md. No boundary markers or delimiters are used to wrap or isolate this content. The skill possesses extensive capabilities including network-accessing tools for image generation and file system operations such as 'sed' and 'cp'. No sanitization or escaping of user-provided content is performed before it is interpolated into design prompts in Phase 5.
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands like 'sed', 'grep', and 'cp' using variables derived from user input or tool outputs, such as '[user-provided-key]' and '[topic-slug]'. While intended for local configuration and file management, this pattern could lead to command injection or directory traversal if the inputs contain malicious characters and are not properly handled by the underlying platform.
  • [SAFE]: The skill follows established security best practices for credential management by guiding users to store sensitive API keys in a .env file rather than hardcoding them. It also proactively adds the .env file to .gitignore to prevent accidental disclosure in repository history.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 27, 2026, 08:42 PM