The Agent Skills Directory

[PROMPT_INJECTION]: The skill processes natural language input to generate execution templates, creating a surface for indirect prompt injection. A malicious description could potentially be parsed into a template containing dangerous commands or deceptive instructions for downstream agents.
Ingestion points: User-provided workflow description via the skill arguments.
Boundary markers: The skill does not use explicit boundary markers or directives to ignore instructions embedded within the user's description during parsing.
Capability inventory: The skill has access to Bash, Agent, and various file manipulation tools. The generated templates can invoke any executor in the Node Catalog, including shell commands and sub-agents.
Sanitization: There is no evidence of input sanitization or output validation for the generated args_template strings, though the user review step acts as a manual filter.
[COMMAND_EXECUTION]: The skill uses the Bash tool to manage session files and template directories (e.g., creating .workflow/templates/). While these operations are functional, they utilize a high-privilege tool to perform file system modifications based on processed user input (slugs derived from descriptions).

wf-composer