The Agent Skills Directory

[COMMAND_EXECUTION]: The script scripts/generate_report.py contains a generate_script function that writes a string template to a file and explicitly grants it executable permissions using chmod(0o755). This capability allows the agent to dynamically create and potentially execute arbitrary shell scripts.
[COMMAND_EXECUTION]: The file scripts/setup_environment.sh is a Python script disguised with a shell script extension. While it currently performs directory and configuration file creation, this naming mismatch can be a technique used to evade simple file-type security policies or human review.
[PROMPT_INJECTION]: The skill is designed to ingest and analyze external source code for memory leak patterns, which exposes the agent to indirect prompt injection. Maliciously crafted code or comments in the analyzed files could contain instructions that the agent might follow.
Ingestion points: Target source code files being analyzed (referenced in SKILL.md instructions).
Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are present in the processing logic.
Capability inventory: The skill has access to powerful tools including Bash, Write, Edit, and Grep.
Sanitization: There is no evidence of sanitization or validation of the content read from external source files.

detecting-memory-leaks