backend-tester

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The skill relies on shell commands for environment management and cleanup. Commands such as 'rm -rf test_data/sessions//' are risky because the session ID is taken dynamically from API responses and used directly in a destructive shell command without validation; an ID containing '..' or an empty ID would change which directory is removed.
  • [INDIRECT_PROMPT_INJECTION] (MEDIUM): The skill exposes an indirect prompt injection surface by processing external data and using it to drive subsequent actions.
    1. Ingestion points: API responses from localhost:8001.
    2. Boundary markers: absent; there are no instructions to disregard commands embedded in the data.
    3. Capability inventory: file system modification (rm -rf), local process execution (uv run), and network requests (curl).
    4. Sanitization: none; data from API responses is interpolated directly into shell command strings.
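The following is an added illustration of the COMMAND_EXECUTION finding, not code from the backend-tester skill: the unsafe pattern (an API-supplied session ID spliced into `rm -rf`) shown beside a hardened cleanup that allow-lists the ID and confines deletion to a fixed base directory. The JSON response, the function names (validate_session_id, safe_cleanup, extract_session_id) and the directory layout are assumptions made for the example.

```sh
# Added example, not the skill's own code. Demonstrates the audited pattern:
# a session ID sourced from an API response used directly in `rm -rf`.

# Unsafe (the flagged pattern): the ID is interpolated with no validation.
# An ID of ".." or "" would make the command remove the parent directory.
# Echoed here rather than executed, so the example stays harmless.
unsafe_cleanup() {
    printf 'would run: rm -rf test_data/sessions/%s\n' "$1"
}

# Hardened: accept only a short token of [A-Za-z0-9_-]. Slashes, dots,
# spaces, shell metacharacters and empty strings never reach rm.
# Returns 0 for a valid ID, 1 otherwise.
validate_session_id() {
    case "$1" in
        '' | *[!A-Za-z0-9_-]* ) return 1 ;;
    esac
    [ "${#1}" -le 64 ] || return 1        # cap length as well as charset
    return 0
}

# Delete one session directory under a fixed base (assumed layout).
# Refuses invalid IDs, missing directories, and a symlink planted
# where a session directory is expected.
safe_cleanup() {
    _base="$1"; _id="$2"
    validate_session_id "$_id" || return 1
    _target="$_base/$_id"
    [ ! -L "$_target" ] || return 1
    [ -d "$_target" ] || return 1
    rm -rf -- "$_target"
}

# Constructed sample response standing in for the localhost:8001 API;
# in the audit's threat model this field is attacker-influenced.
SAMPLE_RESPONSE='{"status": "ok", "session_id": "../../important"}'

# Pull session_id out of a single-line JSON body (sed is enough for the demo;
# a real client would use a JSON parser).
extract_session_id() {
    printf '%s' "$1" | sed -n 's/.*"session_id"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

demo() {
    base=$(mktemp -d)
    mkdir "$base/abc123" "$base/important"
    id=$(extract_session_id "$SAMPLE_RESPONSE")
    unsafe_cleanup "$id"
    if safe_cleanup "$base" "$id"; then
        echo "BUG: accepted '$id'"
    else
        echo "refused '$id'; $base/important still present"
    fi
    safe_cleanup "$base" abc123 && echo "removed abc123"
    rm -rf -- "$base"
}
demo
```

The allow-list is deliberately strict: because the accepted charset contains no `/` or `.`, the `$_base/$_id` join cannot escape the base directory, and the `--` keeps an ID beginning with `-` from being parsed as an option. The symlink check covers the case where a writable session directory is replaced by a link to somewhere rm should not descend.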
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 16, 2026, 08:24 AM