create-psr15-middleware

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFE
Flagged categories: REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The ControllerHandler (SKILL.md) and DispatcherMiddleware (references/examples.md) templates use dynamic method invocation ($instance->$action). This pattern can be exploited for arbitrary code execution if the controller or action name is derived from unvalidated request attributes.
  • [DATA_EXFILTRATION]: The ErrorHandlingMiddleware template (SKILL.md) provides an option to expose full exception stack traces to the client in JSON format when debug mode is enabled. This can leak sensitive internal logic and environment details to external users.
  • [PROMPT_INJECTION]: The RateLimitMiddleware template (references/templates.md) uses the X-Forwarded-For header to identify clients. Because the template does not verify the proxy source, this creates an indirect prompt injection surface where attackers can spoof headers to bypass rate limits or manipulate cache keys.
  • Ingestion points: Untrusted data enters the agent context through the ServerRequestInterface headers (e.g., Authorization, X-Forwarded-For) and attributes.
  • Boundary markers: The generated templates do not include markers to isolate or ignore instructions embedded within the HTTP request data.
  • Capability inventory: The skill facilitates capabilities including dynamic code execution, session modification, and system logging based on request data.
  • Sanitization: The code templates lack sanitization for request-derived attributes and do not validate the source of identifying headers.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 17, 2026, 09:58 AM