siebel-development

Warn

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: MEDIUM | COMMAND_EXECUTION | PROMPT_INJECTION | EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The commands/scaffold.js script constructs file system paths using unvalidated command-line arguments. This allows for potential directory traversal or unintended file creation outside the intended development/requirements/ directory if the input is manipulated. Furthermore, the scripts/validate-manifest.sh shell script executes external commands based on agent-managed paths, introducing a risk of command injection or unauthorized file access.
  • [PROMPT_INJECTION]: The skill is inherently susceptible to indirect prompt injection as it instructs the agent to transform untrusted user requirements into executable Siebel logic (eScript, Workflows, or Open UI JS). An attacker could embed malicious instructions in a requirement to trick the agent into generating code that performs unauthorized data exfiltration or administrative tasks.
    • Ingestion points: User-provided business requirement descriptions (e.g., via the 'new requirement :' workflow).
    • Boundary markers: Absent; there are no clear delimiters or instructions to treat user requirements as untrusted data.
    • Capability inventory: The skill provides patterns for network exfiltration (EAI HTTP Transport), database CRUD (EAI Siebel Adapter), and client-side scripting (Open UI).
    • Sanitization: Absent; the skill lacks instructions for the agent to validate or sanitize the logic derived from requirement inputs before code generation.
  • [EXTERNAL_DOWNLOADS]: Patterns in references/open-ui-patterns.md include code for loading external JavaScript libraries from remote sources (e.g., google.com). While these target well-known services, they constitute external code execution within the CRM environment.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 7, 2026, 09:07 AM