cost-compact-context
Warn
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute a Node.js script located at ../plugins/ruflo-cost-tracker/scripts/compact.mjs. This script is responsible for the core logic of the skill.
- [PROMPT_INJECTION]: The skill interpolates the user-supplied <QUERY> argument directly into a shell command string: ( cd v3 && node ../plugins/ruflo-cost-tracker/scripts/compact.mjs "<QUERY>" ). This pattern is susceptible to command injection if the input contains shell-active characters like backticks, dollar signs for command substitution, or semicolons, especially if the underlying agent execution environment does not perform strict escaping of arguments.
Audit Metadata