NYC

skill-optimizer

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The skill attempts to execute a local script at scripts/analyze_skill.py. However, this script is not provided in the skill package for analysis. Executing unverified code logic poses a high risk as the script's behavior cannot be audited.
  • [PROMPT_INJECTION] (HIGH): The skill is susceptible to Indirect Prompt Injection (Category 8). It is designed to ingest and analyze untrusted content from user-provided directory paths. Evidence Chain:
      (1) Ingestion: The skill reads external files via $ARGUMENTS using Read, Glob, and Grep tools.
      (2) Boundaries: There are no instruction delimiters or 'ignore' instructions specified for the untrusted content.
      (3) Capabilities: The skill has access to the Bash tool and can write/modify files (based on the instruction to 'Generate optimized SKILL.md').
      (4) Sanitization: No sanitization or validation of the input skill content is performed before processing.
    An attacker could place a malicious SKILL.md in the target directory that contains instructions to hijack the agent via the Bash tool.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 09:53 AM