airflow-dag

Warn

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The ConstructionDAGBuilder class in SKILL.md uses string concatenation and f-strings to generate Python source code for Apache Airflow. The implementation of _generate_task_code interpolates user-controlled variables such as task_id and bash_command directly into the Python code without any escaping or sanitization. A user can therefore break out of the string delimiters and inject arbitrary Python code or shell commands into the resulting DAG file, which would then be executed by the Airflow scheduler or worker.
  • [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection because it processes user-provided data for code generation. Ingestion points include project data and parameters defined in instructions.md. No boundary markers or protective instructions are applied when this untrusted data is interpolated into the Airflow task templates. The skill's ability to write to the filesystem via save_dag and to generate executable content increases the risk. The input is not sanitized or validated before it is embedded into the executable structure.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 5, 2026, 04:28 AM