canvas-design

Warn

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: MEDIUM
Finding categories: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Several Python generation scripts (e.g., create_backdrop.py, create_gravitational_recall.py, create_memory_force_poster.py) use hardcoded absolute file paths for their output. For instance, projects/phosphor-archaeology/create_backdrop.py sets OUTPUT_PATH to /home/matt/projects/ggprompts-next/public/images/terminal-backdrop.png. The scripts call os.makedirs on these absolute paths, which could create directories or overwrite files outside the intended location on systems with a matching directory layout. Furthermore, the skill's primary mechanism relies on the agent writing, executing, and refining Python code at runtime to produce artifacts, a dynamic execution pattern that could be abused if the generated code performs unintended system operations.
  • [DATA_EXFILTRATION]: The source code contains hardcoded absolute paths that reveal details about the developer's local environment, including the username ('matt') and internal directory hierarchy (e.g., /home/matt/projects/claudekit-skills/). This disclosure of environment metadata is a best-practice violation.
  • [PROMPT_INJECTION]: The skill implements a two-step process in which user instructions shape a 'Design Philosophy' that subsequently drives the logic of the generated Python code. This creates a surface for indirect prompt injection, because the skill lacks sanitization or boundary markers that would prevent user-controlled input from introducing malicious logic into the generated scripts that the agent eventually executes.
  • Ingestion points: User instructions processed into the Design Philosophy (.md file).
  • Boundary markers: Absent in the instructions provided to the agent for code generation.
  • Capability inventory: The agent generates and executes Python scripts using os, PIL, and reportlab libraries (e.g., in generate_hero.py).
  • Sanitization: No explicit validation or escaping of user-derived concepts before they are incorporated into executable scripts.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 14, 2026, 04:34 AM