voice-orchestrator

Warn

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute shell commands with unvalidated placeholders such as {name} and {content}. The interpolation of these parameters into commands like ls and python3 without rigorous sanitization represents a significant risk for arbitrary command injection if a malicious voice name or file path is supplied.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests data from external profile.json and config.json files, as well as user-provided content drafts. These ingestion points lack boundary markers or specific instructions to prevent embedded malicious prompts from influencing the agent's logic during the generation and validation phases.
    1. Ingestion points: profile.json, config.json, and /tmp/voice-content-draft.md.
    2. Boundary markers: Absent.
    3. Capability inventory: Access to Bash (ls, test, python3, rm), Read, and Write tools.
    4. Sanitization: Absent.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 29, 2026, 05:28 PM
Security Audit — agent-trust-hub — voice-orchestrator