The Agent Skills Directory

[PROMPT_INJECTION]: The skill contains instructions to generate a security_override.json file. This is explicitly described as a mechanism to bypass automated security verification (referred to as 'Phase 5 P0 checks') by whitelisting high-risk functions such as subprocess.run, requests, and urllib.
[PROMPT_INJECTION]: The skill exhibits a vulnerability surface for indirect prompt injection during the file generation process.
Ingestion points: User-provided descriptions and names are passed as command-line arguments to the scaffold.py script (e.g., via the --desc flag).
Boundary markers: Absent. The templates in the templates/ directory use standard Python string formatting to interpolate variables directly into new files.
Capability inventory: The skill uses the Write tool and the scaffold.py script to create files and scripts on the host system.
Sanitization: No escaping or validation is performed on the description field, allowing potentially malicious content from a user prompt to be written into the generated skill's instructions.
[COMMAND_EXECUTION]: The skill executes a local Python script scripts/scaffold.py which performs multiple filesystem operations and uses os.chmod to grant execution permissions (0o755) to the generated scripts.

create-docker-skill