The Agent Skills Directory

[COMMAND_EXECUTION] (LOW): The skill leverages the Bash tool to perform file renaming operations. This introduces a risk of indirect prompt injection (Category 8) where malicious file names could be interpreted as commands if not properly escaped by the agent.\n- Ingestion points: File names are read into the agent's context using the Glob tool from the local file system.\n- Boundary markers: The prompt lacks specific instructions or delimiters to ensure that file names containing shell-sensitive characters (like backticks or dollar signs) are treated as literal strings.\n- Capability inventory: The skill possesses the capability to execute shell commands via Bash based on user-defined patterns and existing file names.\n- Sanitization: No explicit sanitization logic is provided to validate the safety of the filenames before they are passed to the shell tool.\n- Mitigation: The workflow includes a mandatory preview and manual confirmation step ("确认重命名？(y/n)"), which serves as a human-in-the-loop security control.

batch-renamer