deploy

Fail

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The generated Makefile contains an unquoted shell variable expansion for the health check URL. The instruction @curl -s $${HEALTH_URL:-http://localhost/health} allows the shell to expand the HEALTH_URL environment variable without quoting. If this variable contains shell metacharacters (e.g., ;, &&, or |), an attacker or a malicious environment configuration can trigger arbitrary command execution when the user runs make status.
  • [REMOTE_CODE_EXECUTION]: The skill implements a pattern where the output of a network request is piped directly to the python3 interpreter. While the provided template specifies the -m json.tool module for formatting, this "pipe-to-interpreter" pattern is a high-risk vector for remote code execution. When combined with the unquoted variable expansion in the same command line, it increases the risk of an attacker subverting the command to execute arbitrary Python code.
  • [PROMPT_INJECTION]: The skill's architecture for generating deployment scripts is susceptible to indirect prompt injection because it interpolates untrusted data into executable files without sanitization.
      • Ingestion points: User-provided values from the 'Interactive Questionnaire' (e.g., Project type, Health URL, User/Server targets) in SKILL.md are used to fill script templates.
      • Boundary markers: Absent; the skill uses simple {PLACEHOLDER} markers without instructing the AI agent to use delimiters or to treat the input as untrusted data.
      • Capability inventory: The generated scripts (deploy.sh, verify.sh, Makefile) have extensive system access, including file system writes, rsync network transfers, and shell execution.
      • Sanitization: Absent; there are no instructions or regex patterns provided to the AI agent to escape or validate user-supplied strings before they are written into the generated shell scripts.
Recommendations
  • HIGH: Downloads and executes remote code from: http://localhost/health - DO NOT USE without thorough review
Audit Metadata
Risk Level: HIGH
Analyzed: May 8, 2026, 04:00 AM