doc-ears-fixer

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Attack Surface. The skill ingests untrusted data from external reports and PRD files which can influence agent behavior.
      • Ingestion points: The skill reads findings from audit reports (EARS-NN.A_audit_report_vNNN.md), review reports, and upstream PRD documents in SKILL.md.
      • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the processing logic for these external files.
      • Capability inventory: The skill possesses extensive file system capabilities including directory creation (os.makedirs), file movement (shutil.move), and file writing (Path.write_text) across several files.
      • Sanitization: There is no evidence of content sanitization or validation for the data extracted from reports before it is used to modify the workspace.
  • [COMMAND_EXECUTION]: Potential Shell Command Injection. The skill instructs the agent to execute shell commands such as 'sha256sum <upstream_file_path>' in Phase 6.0.1. If the upstream path is manipulated by an attacker through a malicious report or directory structure, it could lead to command injection.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Apr 7, 2026, 04:25 AM
Security Audit — agent-trust-hub — doc-ears-fixer