The Agent Skills Directory

[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. During Step 2 of its procedure, it retrieves the current content of a file, which is then used in Step 3 to inform the generation of new content. If the target file contains malicious instructions, the agent might inadvertently follow them while attempting to match the style or context.
Ingestion points: File content retrieval from file_path in Step 2.
Boundary markers: None provided to separate file data from instructions.
Capability inventory: File system search (find), file writing (write_file tool), and shell execution (cat, echo).
Sanitization: No sanitization or validation of the retrieved file content is performed.
[COMMAND_EXECUTION]: The 'Reference Commands' section includes a bash command template: cat {{FILE_PATH}} && echo '{{NEW_CONTENT}}' >> {{FILE_PATH}}. If an agent utilizes this shell command directly without sanitizing the FILE_PATH or NEW_CONTENT parameters, it could lead to arbitrary command execution via injection characters (e.g., backticks or semicolons). The skill procedure recommends using the write_file tool instead, which serves as a mitigation.

append-text-to-file