social-media-generator
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8) due to its combination of user-controlled input and filesystem write capabilities.
  * Ingestion points: Untrusted data enters the agent context through the 'Event/content name' and 'Main message' fields gathered in Step 1 of SKILL.md.
  * Boundary markers: No delimiters or instructions to ignore embedded instructions are present in the workflow.
  * Capability inventory: The skill explicitly authorizes the agent to create directories and write files (SKILL.md Steps 3 and 4).
  * Sanitization: No validation or sanitization is performed on the 'event-name' used in path construction, allowing for Path Traversal attacks (e.g., using '../../' as an event name).
- COMMAND_EXECUTION (MEDIUM): The agent is instructed to perform side-effect-heavy operations on the host filesystem (creating nested directories and writing markdown files). While these are core features, the lack of restriction to a sandbox or specific safe-path validation elevates the risk of unintended file modification.
Recommendations
- AI detected serious security threats
Audit Metadata