barcode-generator
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (PROMPT_INJECTION, DATA_EXFILTRATION)
Full Analysis
- Indirect Prompt Injection (MEDIUM): The skill ingests untrusted user-supplied data and uses it within a script that has file-system write capabilities.
  - Ingestion points: The 'data' argument in 'scripts/barcode_generator.py' is directly processed by the barcode generator.
  - Boundary markers: No boundary markers or 'ignore' instructions are present to prevent embedded commands from being processed by the agent or subsequent tools.
  - Capability inventory: The script has the capability to write files to the local disk using the 'bc.save()' method.
  - Sanitization: There is no evidence of data sanitization or validation before encoding.
- Data Exposure & Exfiltration (MEDIUM): The skill accepts an unvalidated output path, creating a potential for path traversal attacks.
  - Evidence: In 'scripts/barcode_generator.py', the 'output' argument is converted to a 'Path' object and used directly in the 'bc.save()' call without ensuring the path remains within a restricted directory.
- Unverifiable Dependencies & Remote Code Execution (LOW): The skill depends on the 'python-barcode' library, which is a third-party package.
  - Evidence: Referenced in 'scripts/barcode_generator.py' and the usage documentation.
Audit Metadata