skills/zephyrwang6/myskill/deepl/Gen Agent Trust Hub

deepl

Fail

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: HIGH
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions provide shell script templates that interpolate user-provided text and file paths directly into variable assignments (e.g., TEXT="{{user_text}}" and FILE_PATH="{{user_path}}"). This pattern is highly vulnerable to command injection; if the user input contains shell metacharacters like backticks, semicolons, or command substitution syntax, it will result in arbitrary code execution when the agent runs the generated script.
  • [DATA_EXFILTRATION]: The skill is designed to transmit user-supplied text and documents to DeepL's API endpoints (api.deepl.com and api-free.deepl.com). Although this is the intended purpose, it involves sending potentially sensitive data to a third-party service.
  • [PROMPT_INJECTION]: The skill processes untrusted input from documents and XLIFF files. It lacks boundary markers or instructions to the agent to disregard instructions found within the text to be translated, making it vulnerable to indirect prompt injection where malicious content could influence the agent's subsequent actions.
      • Ingestion points: {{user_text}} and {{user_path}} (specifically .xlf, .docx, and .pdf files).
      • Boundary markers: Absent; no instructions are provided to the agent to treat the processed text strictly as data.
      • Capability inventory: The skill utilizes multiple subprocess calls including curl, jq, xmllint, sed, and python.
      • Sanitization: No validation or sanitization of the input content is performed before it is processed by the agent or included in tool outputs.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 25, 2026, 03:07 PM