testing-end-user

Warn

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION | DATA_EXFILTRATION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill parses and executes arbitrary shell commands defined in markdown blocks. Evidence in references/TASK-PARSING.md shows regex-based extraction of commands from **Setup**: and **Action**: fields, which are then executed sequentially as described in SKILL.md.
  • [DATA_EXFILTRATION]: The skill implements automated data collection that can target sensitive system state. references/EVIDENCE-CAPTURE.md contains instructions for taking full-screen screenshots using platform-specific tools (screencapture, gnome-screenshot) and reading system log files (e.g., /var/log/app.log) or arbitrary file contents (head -n 50).
  • [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection (Category 8) due to its design for processing external data.
      ◦ Ingestion points: Tasks are parsed from markdown files using regex patterns defined in references/TASK-PARSING.md.
      ◦ Boundary markers: There are no markers or sanitization logic to distinguish between trusted instructions and potentially malicious commands embedded in processed markdown files.
      ◦ Capability inventory: The skill allows arbitrary command execution, background process management (start/kill), and extensive file system reading.
      ◦ Sanitization: No validation is performed on the extracted commands before they are passed to the shell for execution.
  • [COMMAND_EXECUTION]: The "No exceptions" and "STOP and Restart" sections in SKILL.md act as behavioral overrides that force the agent to follow the execution sequence regardless of context, which could cause malicious injected commands to be executed without human intervention or safety-based skipping.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 25, 2026, 02:12 AM