The Agent Skills Directory

[Indirect Prompt Injection] (HIGH): The skill is vulnerable to indirect injection because it processes untrusted user input to determine file system paths and code structure without sanitization.
Ingestion points: The <module> and <resource> placeholders in the file path and Go templates are populated from user instructions.
Boundary markers: No delimiters or instructions to ignore embedded commands in the user-provided names are present.
Capability inventory: The skill workflow includes writing files to the filesystem and executing the make lint command.
Sanitization: There is no evidence of validation or escaping for the module or resource names, allowing for potential path traversal (e.g., using ../../ in a resource name).
[Command Execution] (MEDIUM): The skill mandates the execution of local system commands after code generation.
Evidence: Rule 12 and Workflow step 6 require running make lint.
Risk: If the generated code is successfully poisoned via indirect injection, the subsequent execution of build or linting tools can be leveraged for further exploitation.
[External Downloads] (MEDIUM): The generated code templates depend on untrusted external Go packages.
Evidence: Imports of github.com/cristiano-pacheco/bricks and github.com/cristiano-pacheco/pingo in the router implementation.
Status: These repositories are not within the defined [TRUST-SCOPE-RULE] for trusted organizations.

go-create-chi-router