wiki-query

Warn

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill constructs shell commands from AI-generated content, which can lead to arbitrary command execution if that content includes shell metacharacters. Specifically, the command 'qmd query "$(cat <<EOF ... EOF)"' uses an unquoted heredoc. If the AI-generated intent, lex, or hyde fields contain command substitutions such as '$(command)' or backticks, the host shell executes them when it expands the heredoc body passed to 'cat'.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from the wiki to synthesize responses.
    • Ingestion points: The skill reads wiki pages identified during the search process ('SKILL.md') and the central 'wiki/index.md' file.
    • Boundary markers: No boundary markers or instructions to ignore embedded commands are used when processing the retrieved wiki content.
    • Capability inventory: The agent can execute shell commands ('qmd', 'grep'), call MCP tools ('mcp__qmd__query'), and write files to the repository ('wiki/sources/', 'wiki/log.md').
    • Sanitization: There is no evidence that content retrieved from the wiki is sanitized or validated before it is used for synthesis or file-writing operations.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 4, 2026, 07:54 PM