The Agent Skills Directory

[COMMAND_EXECUTION]: The generatePdfCurl function in generate.js is vulnerable to shell command injection.
Evidence: The script uses child_process.execSync to execute a curl command as a fallback mechanism. It interpolates the outputPath variable directly into the shell command string.
Vulnerability: Although the variable is enclosed in single quotes (e.g., -o '${outputPath}'), an attacker can easily break out of the quoting context by providing a filename containing a single quote and shell metacharacters (e.g., report.pdf'; touch /tmp/pwned; ').
Impact: Since the output path is derived from CLI arguments, this allows an attacker to execute arbitrary commands with the privileges of the user running the generator.
[PROMPT_INJECTION]: The skill processes external markdown data without sanitization, creating an attack surface for indirect prompt injection.
Ingestion points: The skill reads arbitrary content from the file path provided as the first CLI argument in generate.js.
Boundary markers: There are no boundary markers or explicit instructions to ignore embedded commands when interpolating the processed markdown into HTML templates.
Capability inventory: The skill can write to the local file system (fs.writeFileSync), perform network operations (API calls to Nutrient and fallback curl execution), and execute shell commands (execSync).
Sanitization: No sanitization, validation, or escaping is performed on the markdown content before it is converted to HTML and embedded in the templates, allowing potentially malicious instructions in the data to influence downstream agent actions.

elegant-reports