skill-generator

Fail

Audited by Socket on Mar 5, 2026

2 alerts found:

Obfuscated File, Anomaly

Obfuscated File: HIGH
phases/02-structure-generation.md

The code scaffolds skill directories and writes a SKILL.md using values from skill-config.json. It contains no direct indicators of malware (no networking/backdoors/obfuscation), but it uses unsafe practices: unvalidated interpolation of configuration into shell commands and filesystem paths, and generation of documentation that contains executable snippets referencing attacker-controlled paths. These behaviors enable path traversal, file overwrite, and command-injection vectors if the configuration or downstream execution context is attacker-controlled. Mitigation: validate and sanitize inputs, avoid shell interpolation, use safe filesystem APIs, and do not embed runnable commands containing untrusted data.

Confidence: 98%

Anomaly: LOW
templates/llm-action.md

This code is a legitimate operational template for orchestrating LLM calls but contains risky patterns: it reads workspace files and runtime variables, builds prompts, and executes them via a shell-invoked CLI. The main security concerns are data exfiltration (sending file contents and context to third-party LLMs) and potential shell command injection because escapePrompt is incomplete. There is no clear evidence of intentional malware or backdoor behavior in the snippet, but the structural risks are significant for privacy and command injection. Treat use of this template with caution: sanitize and minimize data sent to LLMs, and switch to safer CLI invocation methods where possible.

Confidence: 90%
Severity: 60%

Audit Metadata

Analyzed At: Mar 5, 2026, 12:05 PM
Package URL: pkg:socket/skills-sh/catlog22%2Fclaude-code-workflow%2Fskill-generator%2F@fc4097e6977d304f9d5b744644f3e2ba4ed779c2