wiki-link
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions direct the agent to execute shell commands such as `git clone` and symbolic link creation (e.g., `ln -s`). These commands incorporate user-provided strings (repository URLs or file paths) as arguments, which can lead to command injection if the underlying agent platform does not sanitize the input.
- [EXTERNAL_DOWNLOADS]: The workflow performs downloads from external sources by executing `git clone` on URLs provided by the user. While this is the intended function, it allows the introduction of external content into the local workspace.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests untrusted data from the user and uses it to perform high-capability operations without explicit sanitization instructions.
  - Ingestion points: User input for the wiki repository path or git remote URL in `SKILL.md` step 1.
  - Boundary markers: Absent. The instructions do not specify any delimiters or safety warnings for the agent to ignore instructions embedded in the user input.
  - Capability inventory: Execution of `git clone`, symbolic link creation, and file system writes (modifying `.gitignore` and creating `.wikilinks`) as described in steps 2-B, 3, and 4 of `SKILL.md`.
  - Sanitization: Absent. There are no steps to escape shell metacharacters or validate the format of the provided URL/path beyond basic string matching.
Audit Metadata