The Agent Skills Directory

COMMAND_EXECUTION (LOW): The skill instructs the agent to execute a local Python script using arguments extracted directly from external files. This pattern is susceptible to command injection if metadata, such as plugin names or descriptions, contains shell metacharacters, as no sanitization step is defined in the workflow.
PROMPT_INJECTION (LOW): The skill exhibits an indirect prompt injection surface (Category 8) by aggregating untrusted metadata from multiple sources into a central configuration. Ingestion points: Metadata extracted from plugin, agent, and command files. Boundary markers: None specified in the documentation. Capability inventory: File system write access and execution of a Python helper script. Sanitization: The skill performs structural validation (JSON syntax) but lacks content-based sanitization to prevent malicious instructions from being embedded in plugin metadata.

marketplace-update