checking-infrastructure-compliance (skill from jeremylongshore/claude-code-plugins-plus-skills)
Warn
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Dynamic code execution via rule definitions. The file assets/compliance_rules.json embeds Python code snippets and success conditions (e.g., in the SOC2 and PCI-DSS checks) that are meant to be evaluated at runtime. If that rules file is malicious or has been tampered with, this amounts to arbitrary code execution.
- [COMMAND_EXECUTION]: Misleading file extension. The script scripts/compliance_scan.sh carries a .sh extension but contains Python source and a Python shebang (#!/usr/bin/env python3), which obscures which interpreter actually runs it.
- [PROMPT_INJECTION]: Indirect prompt injection surface.
  1. Ingestion points: the skill reads external infrastructure configurations (e.g., assets/example_infrastructure_config.yaml) and rule definitions.
  2. Boundary markers: SKILL.md defines no delimiters that isolate external data from instructions.
  3. Capability inventory: the skill is allowed to use the Bash(cmd:*), Read, and Edit tools.
  4. Sanitization: the provided script templates implement no sanitization or validation of external content.