iib
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE
Finding categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to run local processes, specifically starting the service with 'python app.py' and using 'nohup' for background execution.
- [COMMAND_EXECUTION]: It exposes functionality to open system folders and files using default applications through the '/open_folder' and '/open_with_default_app' endpoints.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection, as it performs destructive operations such as file deletion based on user-supplied or metadata-derived paths.
- [PROMPT_INJECTION]: Ingestion points: file paths, search terms, and metadata from processed images enter the context in SKILL.md and references/api-reference.md.
- [PROMPT_INJECTION]: Boundary markers: the skill does not implement delimiters or instructions to prevent the agent from obeying commands embedded in image metadata or file names.
- [PROMPT_INJECTION]: Capability inventory: the associated service can list files, read content, copy/move files, and delete files across the filesystem, as documented in references/api-reference.md.
- [PROMPT_INJECTION]: Sanitization: no path validation or input sanitization is specified to prevent directory traversal or unauthorized file access.
Audit Metadata