The Agent Skills Directory

[Indirect Prompt Injection] (HIGH): The skill implements a code generation workflow using templates with user-controlled placeholders such as {model_name} and {table_name}. Because tools like Bash and Write are permitted, malicious input could lead to arbitrary command execution or unauthorized file modification. 1. Ingestion points: Placeholder variables in all template files. 2. Boundary markers: Absent. 3. Capability inventory: Bash, Write, MultiEdit. 4. Sanitization: Absent.
[Unverifiable Dependencies & Remote Code Execution] (MEDIUM): The skill specifies several 'grey-haven' skills as dependencies that are not from trusted organizations and are automatically loaded without verification.
[Metadata Poisoning] (MEDIUM): Conflicting version information (v1.0 vs v2.0.74) is present between the YAML headers and the markdown body, which could mislead users or agents.
[Data Exposure & Exfiltration] (LOW): The SQLModel template includes an example database connection string with hardcoded placeholder credentials (postgresql://user:pass@localhost/db).
[Dynamic Execution] (LOW): The FastAPI template uses setattr to dynamically update model fields from request data, which can lead to mass assignment vulnerabilities if input schemas are not strictly validated.

grey-haven-data-validation