rsvp-comprehension-agent
Warn
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions in SKILL.md direct the agent to run `pip install -r ./requirements.txt`. Executing package management commands on skill-provided files is a high-risk operation that can lead to arbitrary code execution through malicious package configurations.
- [EXTERNAL_DOWNLOADS]: The requirements.txt file uses a directory traversal pattern (../../requirements.txt) to point to a file outside the skill's own directory. This allows the skill to load dependencies from the host's parent environment, which is non-standard behavior that could be used to access or execute unintended configurations.
- [PROMPT_INJECTION]: The skill ingests JSON data from an external source (the 'rsvp-reading' skill) to generate comprehension quizzes, creating a surface for indirect prompt injection.
  * Ingestion points: JSON token stream file.
  * Boundary markers: Absent; there are no instructions to ignore embedded commands.
  * Capability inventory: Access to Bash, Read, and Write tools.
  * Sanitization: No sanitization or validation of the ingested content is described, allowing malicious text to potentially influence the agent's behavior during the quiz phase.
Audit Metadata