text-to-speech

Fail

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The procedure instructs the agent to execute shell commands (e.g., say, espeak) by interpolating the text_content parameter directly into the command string. This pattern is vulnerable to command injection because shell metacharacters (such as ;, |, or $()) within the user input could be used to execute unauthorized commands on the host machine.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests untrusted data from the user and uses it in potentially dangerous system calls without sanitization.
    * Ingestion points: text_content parameter in SKILL.md.
    * Boundary markers: Absent. No delimiters or instructions are provided to the agent to treat the input as literal data only.
    * Capability inventory: The skill can invoke subprocesses like say, espeak, spd-say, curl, afplay, mpv, and aplay.
    * Sanitization: Absent. The skill lacks logic to validate, escape, or sanitize the user-provided text.
  • [EXTERNAL_DOWNLOADS]: The skill uses curl to fetch audio data from the official OpenAI API (api.openai.com) for high-quality speech synthesis. This is a reference to a well-known service used for the skill's primary functionality.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 1, 2026, 07:31 AM