voice-writer

Warn

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions direct the agent to interpolate user-provided voice names directly into shell command arguments and filesystem paths, such as in Phase 1 (ls $HOME/claude-code-toolkit/skills/voice-{name}/) and Phase 4 (python3 ... --voice {name}). This pattern allows for path traversal or command injection if a malicious name is supplied.
  • [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface related to data ingestion.
      1. Ingestion points: Writing samples are loaded from skills/voice-{name}/references/samples/ and included in the prompt as few-shot examples.
      2. Boundary markers: There are no delimiters or instructions provided to isolate the sample content or prevent the agent from following embedded instructions.
      3. Capability inventory: The agent has access to a broad range of capabilities including Bash, Write, Read, Edit, Task, and Skill.
      4. Sanitization: No sanitization or validation of the loaded samples is performed before they are integrated into the generation process.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 1, 2026, 05:56 AM