graphic-case-study

Warn

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes shell commands to create directories and open files. Evidence: mkdir -p case-study/[slug] and open case-study/[slug]/index.html in SKILL.md.
  • [COMMAND_EXECUTION]: The skill executes a shell script from a hardcoded absolute path referencing a specific user's environment. Evidence: bash /Users/ksd/Desktop/Varnan_skills/frontend-slides/scripts/export-pdf.sh in SKILL.md.
  • [EXTERNAL_DOWNLOADS]: The PDF generation process triggers an automatic installation of external dependencies at runtime. Evidence: The README.md and SKILL.md specify that export-pdf.sh auto-installs Playwright.
  • [REMOTE_CODE_EXECUTION]: The skill's primary functionality depends on the execution of an external script which performs runtime package installation from the network.
  • [PROMPT_INJECTION]: The skill creates an attack surface for indirect prompt injection by interpolating untrusted data into HTML files without sufficient safeguards.
      • Ingestion points: User-supplied parameters customer_name, challenge, solution, results, and testimonial in SKILL.md.
      • Boundary markers: Absent from the prompt instructions.
      • Capability inventory: Shell command execution (bash), directory management (mkdir), and file system interaction (open) in SKILL.md.
      • Sanitization: No evidence of escaping or validation of the interpolated user content.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 8, 2026, 03:09 PM