creating-data-visualizations

Fail

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The SKILL.md file specifies Bash(cmd:*) in its allowed-tools section, which permits the execution of any arbitrary command on the system. This provides a powerful vector for exploitation if the agent is manipulated through malicious input.
  • [DATA_EXFILTRATION]: The scripts/data_analyzer.py script performs recursive directory traversal using Path.rglob('*'). While its primary function is to report on file sizes and types, the ability to crawl the entire filesystem combined with unrestricted bash access allows for the potential discovery and exfiltration of sensitive data.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its processing of untrusted filesystem data.
      ◦ Ingestion points: Path inputs provided to the scripts/data_analyzer.py script and file metadata collected during directory scanning.
      ◦ Boundary markers: No explicit markers or instructions are present to distinguish between legitimate data and potential malicious commands embedded in file or directory names.
      ◦ Capability inventory: The skill possesses unrestricted bash execution (Bash(cmd:*)) and broad file system access tools (Read, Write, Edit).
      ◦ Sanitization: There is no evidence of path validation or sanitization within the scripts to prevent injection attacks targeting the filesystem traversal logic.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 20, 2026, 05:57 AM