The Agent Skills Directory

[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) as it automatically extracts and processes instructions from conversation history and user arguments to generate new executable skill code.
Ingestion points: The skill reads the $ARGUMENTS variable and the current conversation history (tools used, commands, steps) to draft the new skill's content.
Boundary markers: No explicit delimiters or instructions are provided to the agent to isolate or ignore potentially malicious instructions embedded within the extracted workflow data.
Capability inventory: The skill can create new directories and execute a specialized creation tool (/skill-creator) to write persistent files to /home/vimkim/temp/my-cubrid-skills/.
Sanitization: The skill lacks logic to validate or sanitize the data extracted from the conversation before using it to generate new SKILL.md and script files.
[COMMAND_EXECUTION]: The skill performs directory creation on the local file system and provides instructions for the user to execute local build/install scripts (e.g., just install). These operations are consistent with its stated purpose of local development and repository management.

my-cubrid-skills-create