blog-writing-mastery

Warn

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill workflow in Phase 6 utilizes the run_command tool to execute node scripts/seed_blogs.js. This operation executes logic that depends on the state of scripts/blog_data.js, a file modified by the agent immediately prior to execution.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface in its database seeding phase.
      • Ingestion points: User-controlled or agent-generated content, specifically [FULL_MARKDOWN_CONTENT] and [BLOG_TITLE], is written directly into the scripts/blog_data.js file.
      • Boundary markers: There are no boundary markers or delimiters provided to isolate the injected content from the surrounding JavaScript object structure.
      • Capability inventory: The agent has access to run_command, write_to_file, and replace_file_content, enabling both the modification and execution of scripts.
      • Sanitization: No instructions are provided for sanitizing or escaping characters in the blog content (e.g., quotes or semicolons), which could allow malicious content to escape the JavaScript string context and execute arbitrary code when the seed script is run.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 3, 2026, 09:14 PM