agentica-claude-proxy
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions direct the agent to perform various system operations using the Bash tool, such as reading logs, checking file statuses, and running Python servers. While intended for development and debugging, this involves executing shell commands which could be exploited if inputs are manipulated.
- Evidence: Commands like "cat logs/agent-.log", "curl", "ls -la workspace/test.txt", and "uv run agentica-server" are provided in SKILL.md.
- [PROMPT_INJECTION]: The skill creates an attack surface for indirect prompt injection by encouraging the agent to read log files and workspace files. If these files contain content from untrusted sources, they could include instructions that override agent behavior.
- Evidence: SKILL.md instructs the agent to perform "cat logs/agent-.log" and "cat workspace/test.txt" to verify operations.
- Ingestion points: File reading operations on "logs/agent-.log" and "workspace/test.txt" (SKILL.md).
- Boundary markers: Absent. There are no instructions to ignore or delimit instructions found within the read data.
- Capability inventory: The skill uses "Bash" and "Read" tools, which allow for further file system interaction and network requests.
- Sanitization: Absent. The skill does not describe any methods for sanitizing or validating the content read from files before it is processed by the agent.
Audit Metadata