ai-director

Fail

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: HIGH
Threat categories: COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/auto-iterate.js is vulnerable to shell command injection. It uses execSync to execute a Node.js command where the user-supplied story prompt is directly interpolated into the command string without sanitization or escaping. This allows an attacker to execute arbitrary system commands by including shell metacharacters in the prompt text.
  • [DATA_EXFILTRATION]: The skill manages and stores sensitive API keys for X2C, Giggle, and Gemini services within the credentials/ directory and config.json. The presence of a command injection vulnerability creates a significant risk that these credentials could be read and exfiltrated from the local system by an attacker.
  • [COMMAND_EXECUTION]: The skill's instructions in SKILL.md direct the AI agent to execute various shell scripts located in system paths (e.g., /opt/storyclaw/webchat-stream-ws.sh and /opt/storyclaw/add-video-task.sh). These operations represent high-privilege interactions with host-side utilities.
  • [PROMPT_INJECTION]: The skill processes untrusted user input (story prompts) and passes it to external LLMs for script generation and quality evaluation. The lack of explicit boundary markers or sanitization in the prompt handling logic makes the skill susceptible to indirect prompt injection attacks.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 3, 2026, 06:09 AM