The Agent Skills Directory

[DATA_EXFILTRATION]: The skill uses the $ARGUMENTS variable (issue number) to construct file paths such as tmp/issues/<issue番号>/checklist.md. This pattern is vulnerable to path traversal attacks; a malicious user could provide an input like ../../etc/passwd to attempt to read sensitive system files.
[COMMAND_EXECUTION]: The skill utilizes tools like Write and Edit to create or modify files in directories derived from user input. This allows for potential unauthorized file manipulation if path traversal sequences are used to target sensitive locations outside the intended temporary directory.
[PROMPT_INJECTION]: The skill contains an indirect prompt injection surface. (1) Ingestion points: Data is read from config.json and tmp/issues/<issue番号>/checklist.md. (2) Boundary markers: No delimiters or specific instructions are provided to the agent to ignore potentially malicious instructions within these files. (3) Capability inventory: The skill has access to Bash, Read, Write, and Edit tools. (4) Sanitization: No validation or sanitization is performed on the user-provided issue number or the contents of the checklists.

test