wisdom-distiller

Warn

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: MEDIUM
Categories: DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: Path Traversal risk in file writing. The --out-dir and --name arguments are used in path.resolve without sanitization in src/index.ts. This allows a user or an agent influenced by malicious data to write files to arbitrary locations on the filesystem by using directory traversal sequences like ../.
  • [PROMPT_INJECTION]: Indirect Prompt Injection surface. The skill processes mission artifacts (task_*.json) and TASK_BOARD.md, which are untrusted data sources. Malicious content within these files can influence the generated logic pipeline, which is later executed by the logic engine.
  • Ingestion points: Files are read from missionDir/evidence/task_*.json and missionDir/TASK_BOARD.md using fs.readFileSync and safeReadFile in src/index.ts.
  • Boundary markers: No boundary markers or instructions are provided in the generated YAML to ensure the downstream engine ignores embedded instructions.
  • Capability inventory: The skill utilizes safeWriteFile to create logic configuration files and JSON backups.
  • Sanitization: The skill manually constructs YAML output via string concatenation of the args and skill fields from the source artifacts. There is no escaping or validation of these strings, allowing for structural injection or property overriding in the output YAML.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 6, 2026, 01:09 AM