The Agent Skills Directory

[PROMPT_INJECTION]: Evaluated the skill for indirect prompt injection risks. The tool ingests user-provided descriptions and argument hints to generate Markdown command files. While these free-text fields lack complex sanitization against injection markers, the skill implements strict regex validation (/^[a-z][a-z0-9-]*$/) for critical identifiers such as name and group. This prevents attackers from manipulating file paths or introducing directory traversal. The risk of persisting malicious instructions is inherent to the command generation use case and is mitigated by the structured template and clear manual review steps in the workflow.\n- [COMMAND_EXECUTION]: The skill uses the Bash tool for routine administrative tasks such as directory creation and file presence verification. All variables interpolated into shell commands are strictly validated against a safe alphanumeric and hyphen character set, effectively neutralizing the risk of shell command injection.

command-generator