emergency-priority2-receipt
Pass
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local script at '${CLAUDE_PLUGIN_ROOT}/skills/_lib/pushover_core.ts' using the bun runtime. This is the primary function of the skill and uses a path internal to the plugin environment.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it interpolates user-controlled strings into shell arguments.
  - Ingestion points: The '--title' and '--message' arguments in the 'bun' command in SKILL.md are designed to receive user-supplied text.
  - Boundary markers: The skill does not use XML tags, delimiters, or explicit instructions to ignore potentially malicious embedded content within the variables.
  - Capability inventory: The skill has shell command execution capabilities via 'bun'.
  - Sanitization: There is no evidence of escaping or validation logic in the skill description to prevent shell character breakout (e.g., using backticks or semicolons to execute additional commands).
Audit Metadata