The Agent Skills Directory

[PROMPT_INJECTION] (HIGH): The skill creates a high-severity vulnerability surface for indirect prompt injection. Ingestion points: The result_aggregator.py script (lines 134-145) reads and parses external JSON result files to extract user-specified metrics. Boundary markers: Absent. The skill does not implement delimiters or 'ignore embedded instruction' warnings when processing this external content. Capability inventory: The agent is explicitly granted Bash, Write, Read, Grep, and Glob tools in the SKILL.md file. Sanitization: There is no evidence of validation or sanitization of the metric values extracted from external files. This configuration allows an attacker to embed malicious instructions in simulation outputs that the agent may subsequently execute using its available tools.
[COMMAND_EXECUTION] (MEDIUM): The campaign_manager.py script (lines 80-87) dynamically constructs shell command strings by interpolating paths into a user-provided template. While the internal path generation is currently constrained, the overall design encourages the agent to execute dynamically generated strings in a Bash environment, which is inherently dangerous when the agent is also processing untrusted external data.

simulation-orchestrator