agency-brand-scoping

Warn

Audited by Gen Agent Trust Hub on Jun 25, 2026

Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands (e.g., mkdir -p "$OUT" and cat > /tmp/$CLIENT-scoping.json) using a user-provided 'client_slug' variable. A lack of validation or sanitization for this input could allow a malicious user or an adversarial external source to execute arbitrary commands within the agent's environment by providing a slug containing shell metacharacters.
  • [PROMPT_INJECTION]: The skill ingests untrusted external content from URLs, decks, and Figma files to extract brand signals. This content is then interpolated into image generation prompts without the use of boundary markers or sanitization, creating a surface for indirect prompt injection attacks where the external content could influence the agent's output.
  • Ingestion points: Step 1 (URL, deck, and Figma file signal extraction in SKILL.md)
  • Boundary markers: Absent; fetched content is summarized directly into system parameters
  • Capability inventory: Shell command execution via gen-ai CLI and file system operations
  • Sanitization: Absent; no validation or escaping of fetched external signals before interpolation into prompts
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 25, 2026, 12:52 AM
Security Audit — agent-trust-hub — agency-brand-scoping