subsystem-compile

Warn

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/subsystem-compile.ps1 contains a path traversal vulnerability.
    • Evidence: The variable $objName is sourced directly from the name field of the input JSON definition. This variable is used to construct file paths (e.g., Join-Path $subsDir "$objName.xml") and directory paths. A malicious payload in the name field (e.g., ../../../backdoor) could allow arbitrary file writes across the file system.
    • Capability: File system write access via [System.IO.File]::WriteAllText and directory creation via New-Item.
  • [COMMAND_EXECUTION]: Dynamic execution of an external PowerShell script.
    • Evidence: The script subsystem-compile.ps1 executes powershell.exe -NoProfile -File $validateScript. The variable $validateScript is a computed path targeting a sibling directory (..\..\subsystem-validate) and executing its script.
  • [PROMPT_INJECTION]: The skill exhibits a vulnerability surface for indirect prompt injection via unsanitized data ingestion.
    • Ingestion points: Data enters the skill via the -Value or -DefinitionFile parameters in scripts/subsystem-compile.ps1.
    • Boundary markers: None are present to distinguish between data and instructions.
    • Capability inventory: File system write access, directory creation, and command execution.
    • Sanitization: The script performs XML escaping for the file content but fails to sanitize input used for file system paths and identifiers.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 4, 2026, 10:46 AM