ui-ux-pro-max

Fail

Audited by Gen Agent Trust Hub on Feb 14, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [Privilege Escalation] (HIGH): The SKILL.md file explicitly instructs the agent to perform system-level package installations using elevated privileges, specifically sudo apt update && sudo apt install python3. Autonomous agents should not be encouraged to use sudo due to the risk of system compromise.
  • [Indirect Prompt Injection] (HIGH): The skill's core workflow relies on retrieving data from CSV files and using it to generate implementation code, creating a high-risk injection surface.
      ◦ Ingestion points: The core.py script loads data from various CSV files (e.g., prompts.csv, styles.csv) in the data/ directory based on user-provided keywords.
      ◦ Boundary markers: Absent. The instructions do not provide delimiters or warnings that would let the agent distinguish database data from instructions.
      ◦ Capability inventory: The agent is instructed to build, create, implement, and refactor code directly based on the search results.
      ◦ Sanitization: No sanitization of the CSV content is performed in core.py before the data is returned to the agent context.
  • [Command Execution] (MEDIUM): The skill workflow involves executing a local Python script (search.py) with user-provided strings passed as command-line arguments. While the script itself uses argparse, the invocation pattern in SKILL.md (python3 ... "<keyword>") relies entirely on the agent to prevent shell metacharacter injection when it constructs the command line.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 14, 2026, 04:48 PM