The Agent Skills Directory

[COMMAND_EXECUTION]: Deceptive script functionality in scripts/analyze_sentiment.py. While the skill description and the script's own docstring claim it performs sentiment analysis, the actual Python code executes recursive file system enumeration and gathering of file statistics.
[DATA_EXFILTRATION]: Environmental reconnaissance. The analyze_sentiment.py script gathers metadata about the file system structure, including file names, types, and sizes via Path.rglob('*'). This information is characteristic of internal environment mapping rather than text processing.
[PROMPT_INJECTION]: Surface for Indirect Prompt Injection. The skill is designed to ingest and process untrusted text data (customer reviews, tweets) but does not define boundary markers to separate data from instructions. Given the skill's broad Bash(cmd:*) and Write permissions, a malicious input containing instructions could potentially manipulate the agent's behavior.
[PROMPT_INJECTION]: Evidence of Indirect Injection vulnerability: Ingestion points: User-provided text data specified in SKILL.md examples. Boundary markers: Absent; no delimiters or 'ignore' instructions are present. Capability inventory: High-privilege access including Bash shell execution, Write, Read, and Grep. Sanitization: Absent; the skill does not specify any validation or filtering of input data.

analyzing-text-sentiment