The Agent Skills Directory

COMMAND_EXECUTION (HIGH): The PostToolUse hook example in SKILL.md contains a shell command injection vulnerability. The command expands the $CLAUDE_TOOL_INPUT variable within double quotes in a shell pipeline (echo \"$CLAUDE_TOOL_INPUT\"), which allows for arbitrary code execution via subshell expansion syntax such as $(...) or backticks. An attacker could exploit this by providing tool input (like a filename) that includes a malicious payload. \n- PROMPT_INJECTION (SAFE): The skill is not vulnerable to indirect prompt injection. While the validate-markdown.py script ingests untrusted data from markdown files, its capability inventory is restricted to regex-based linting. It does not interpret or execute instructions found within the processed text, and thus the lack of sanitization or boundary markers does not present a runtime risk.

markdown-validation