skill-i18n
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection (Category 8) because it reads and processes untrusted documentation files (SKILL.md, README.md) for translation.
  - Ingestion points: SKILL.md and README.md files located in the skill directory or provided skill path.
  - Boundary markers: The instructions do not define clear delimiters or warnings to ignore instructions within the source text being translated.
  - Capability inventory: Access to read/write files and execute shell commands (cat, jq, mv) to manage state.
  - Sanitization: No evidence of sanitization or safety checks on the content of the files before passing them to the translation process.
- COMMAND_EXECUTION (LOW): The skill utilizes shell subprocesses to read and write its configuration file and to determine file system paths.
  - Evidence: Shell commands in SKILL.md like SKILL_NAME=$(basename "$(pwd)") and SKILL_CONFIG=$(echo "$CONFIG" | jq -r ".skills_config["$SKILL_NAME"] // null") rely on unvalidated environment data (directory names) being interpolated into command strings.