The Agent Skills Directory

[PROMPT_INJECTION]: The scripts/generate_crud.py script exhibits an indirect prompt injection surface by accepting unvalidated input from the agent's context and using it for file system operations.
Ingestion points: The --feature and --fields arguments in scripts/generate_crud.py are populated from user-controlled input.
Boundary markers: Absent; there are no instructions or delimiters defining the boundary between trusted instructions and untrusted data.
Capability inventory: The script uses the Bash tool and Python's pathlib to create directories (mkdir) and write multiple files (write_text) to the local file system.
Sanitization: Absent; the script performs basic case conversion but does not filter for path traversal sequences like ../ or sanitize inputs used in template string replacement, which could allow a malicious user to control the output path or inject code into the generated NestJS modules.
[COMMAND_EXECUTION]: The skill relies on executing a local Python script via the Bash tool to perform its primary function. This script dynamically constructs a directory structure and writes multiple source files based on user-supplied parameters.

nestjs-drizzle-crud-generator