The Agent Skills Directory

COMMAND_EXECUTION (MEDIUM): The skill instructs the agent to execute a local Python script (scripts/generate_missing_entries.py). The contents of this script are not provided in the context, posing a risk of arbitrary code execution on the host machine if the script contains malicious logic.\n- PROMPT_INJECTION (HIGH): Vulnerability to Indirect Prompt Injection (Category 8). Mandatory evidence chain: 1. Ingestion points: The skill processes SKILL.md frontmatter descriptions and external skill list files (AGENTS.md or plain text files). 2. Boundary markers: Absent. The skill provides no instructions to wrap ingested content in delimiters or ignore embedded commands. 3. Capability inventory: The agent has read/write access to the local Obsidian vault (embrace chaos/skill百科全书.md). 4. Sanitization: Absent. The workflow explicitly encourages using the external description field verbatim. This allows a malicious skill to inject instructions into the encyclopedia note that could compromise the agent's future behavior when it reads that note.\n- DATA_EXFILTRATION (LOW): While no network activity is explicitly shown, the skill systematically aggregates local file paths, skill names, and descriptions into a centralized file, which simplifies the targeting and extraction of local filesystem structure for an attacker.

skill-encyclopedia-updater-universal