leiloeiro-edital

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because its primary function is to process and analyze untrusted external data (auction notices) without establishing clear security boundaries.
    • Ingestion points: SKILL.md (instructions for analyzing user-provided auction notices).
    • Boundary markers: Absent in the instructions provided to the agent.
    • Capability inventory: The skill allows access to high-privilege tools like claude-code and cursor, which can execute shell commands and modify files.
    • Sanitization: No input validation or sanitization of the notice content is performed before analysis.
  • [COMMAND_EXECUTION]: The SKILL.md file includes documentation blocks with hardcoded shell commands targeting specific local user directories (e.g., C:\Users\renat\...). An agent might attempt to execute these commands to verify its own state or environment, leading to potential errors or unintended file access attempts.
  • [COMMAND_EXECUTION]: The inclusion of scripts/governance.py introduces local file system interactions. The script creates a data directory and writes to an action_log.jsonl file. While intended for auditing and rate-limiting, this represents active file system modification by the skill's supporting code.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 5, 2026, 05:31 AM