optimize-description

Pass

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute Python scripts (run_loop.py and generate_report.py) located in a directory relative to the skill root (../skill-shaper/scripts/). These scripts are external to the skill's own directory, which introduces a dependency on external code that cannot be verified from the skill definition alone.
  • [PROMPT_INJECTION]: The skill uses an $ARGUMENTS variable to define a file path that is subsequently used in a shell command. If the agent does not properly sanitize this input, it could be susceptible to command injection if a malicious user provides input containing shell operators.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. Ingestion points: evaluation queries from .skill-eval/evals/ and the skill's own SKILL.md. Boundary markers: None provided to delimit untrusted query data. Capability inventory: Bash execution and Write access to the file system. Sanitization: No validation or filtering of input data is mentioned before processing or writing back to files.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 28, 2026, 10:15 PM