chaos-experiment

Pass

Audited by Gen Agent Trust Hub on Apr 26, 2026

Risk Level: SAFE
Tags: PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill provides an indirect prompt injection surface (Category 8) by templating user-supplied strings into documents that may be processed by the agent in subsequent steps.
  • Ingestion points: CLI arguments (e.g., --name, --system, --owner) in scripts/generate_experiment.py and Markdown file content in scripts/validate_experiment.py.
  • Boundary markers: The skill lacks explicit delimiters or contextual instructions to prevent the agent from executing instructions potentially hidden within the user-supplied metadata fields.
  • Capability inventory: The skill is capable of file system read and write operations within the project directory.
  • Sanitization: Although the scripts robustly prevent directory traversal (CWE-22) using validate_path_no_traversal, they do not sanitize the user-supplied content that is interpolated into the experiment templates.
  • [SAFE]: No high-severity security issues were identified. The skill does not perform network requests, hardcode credentials, or execute arbitrary commands from external sources. Its activities are confined to local documentation management.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 26, 2026, 03:46 PM