configuring-auto-scaling-policies

Warn

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill configuration in SKILL.md requests the Bash(cmd:*) tool, which provides the agent with unrestricted shell access. This is a high-privilege capability that increases the impact of any potential injection or exploit.
  • [REMOTE_CODE_EXECUTION]: The script scripts/generate_config.py contains a generate_script method that assembles a shell script by concatenating a template with the content argument and then executes chmod(0o755) to make the file executable. This facilitates dynamic script generation and execution, which can be exploited to run arbitrary commands if the input content is not strictly validated.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted user requirements and uses them to generate implementation artifacts.
    • Ingestion points: User requirements and system goals collected in Step 1 of the instructions.
    • Boundary markers: The instructions lack delimiters or explicit warnings to the agent to ignore instructions embedded within the user-provided configuration data.
    • Capability inventory: The skill has the ability to write files, grep/glob the filesystem, and execute arbitrary bash commands.
    • Sanitization: No sanitization or validation logic is present in scripts/generate_config.py to check the content being written into executable bash scripts.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 12, 2026, 02:00 AM