task-coordination

Warn

Audited by Gen Agent Trust Hub on Apr 6, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions and scripts execute several high-privilege shell commands, including mc mirror, mkdir -p, and rm -f, which target paths within the /root/hiclaw-fs/ directory.
  • [REMOTE_CODE_EXECUTION]: The task_id variable is susceptible to command injection and path traversal. It is interpolated directly into shell commands in SKILL.md and used as a path component in scripts without sanitization or escaping. A malicious task_id containing shell metacharacters (e.g., ;, |, $(...)) or traversal sequences (e.g., ../) could allow an attacker to execute arbitrary code or manipulate files outside the intended directory.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted input (task_id) and uses it in critical operations without safety markers.
      • Ingestion points: The task_id parameter provided to shell scripts and synchronization commands.
      • Boundary markers: None present in the documentation or scripts.
      • Capability inventory: File system modification (write, delete, create) and network data synchronization via mc mirror.
      • Sanitization: There is no evidence of input validation, escaping, or path normalization for the task_id variable.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 6, 2026, 08:12 AM