logo-batch-generator

Warn

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute a local Python script (scripts/generate_image.py) via the shell using the python3 command to perform image generation tasks.
  • [COMMAND_EXECUTION]: The instructions direct the agent to create directories and write files to a specific, hardcoded local path (/Users/ugreen/Documents/obsidian/09image/...), which represents invasive access to the local filesystem and targets a specific user's environment.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection and command injection because user-provided brand names and descriptions are used to construct shell command arguments and file paths in Phase 3. The instructions lack sanitization steps to ensure that shell metacharacters (e.g., ;, &, |) are not interpreted by the terminal.
  • [PROMPT_INJECTION]: As an indirect prompt injection surface, the skill ingests untrusted user descriptions in Phase 1 and interpolates them directly into a shell execution context in Phase 3 without boundary markers or escaping logic (Category 8).
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 8, 2026, 06:31 AM
Security Audit — agent-trust-hub — logo-batch-generator