The Agent Skills Directory

[COMMAND_EXECUTION]: Path traversal vulnerability in scripts/archive-project.py. The script uses a project-name argument to construct file paths (Path(f"projects/{project-name}")) without sanitization, allowing an attacker to use ../ sequences to manipulate files outside the projects/ directory.
[COMMAND_EXECUTION]: Path traversal vulnerability in scripts/setup-project.sh. The shell script creates directories using a user-provided project name without validation, enabling directory creation in unauthorized locations via path traversal.
[COMMAND_EXECUTION]: The skill's operation relies on the execution of multiple local scripts that perform file system operations based on unvalidated user input, increasing the potential attack surface.
[PROMPT_INJECTION]: Surface for indirect prompt injection in scripts/extract-template.py. The skill extracts stylistic patterns and 'unique expressions' from user-provided articles. If the input contains malicious instructions, they could be saved into the writing template and influence the agent's behavior during the content generation phase.
Ingestion points: scripts/extract-template.py processes user-supplied markdown files, and scripts/wps-read.py reads content from WPS notes.
Boundary markers: No boundary markers or instructions to ignore embedded commands are present in the script logic or skill instructions.
Capability inventory: The skill has file system access (read/write) and can interact with the WPS Note API through MCP tools.
Sanitization: Extracted stylistic patterns and unique expressions are stored in JSON templates without validation or escaping.

content-creator