initializer-agent

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Tags: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [Category 8: Indirect Prompt Injection] (HIGH): The skill ingests untrusted project specifications (spec) to generate executable artifacts like init.sh. A malicious specification could trick the agent into injecting backdoor commands or malicious dependencies into the project scaffold.
    * Ingestion points: scripts/initializer.py and scripts/feature_generator.py (via the spec argument).
    * Boundary markers: None identified; the agent appears to interpolate user input directly into its reasoning process.
    * Capability inventory: File system write access, execution of git commands, and generation of shell scripts that execute with user privileges.
    * Sanitization: No sanitization or validation logic is present to ensure the spec does not contain instructional overrides.
  • [Category 4: Command Execution] (MEDIUM): The skill automates environment setup by generating an init.sh script that runs npm install. This involves downloading and executing third-party code from external registries, which can be a vector for supply chain attacks.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 07:17 AM