executive-summary-creator

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH | PROMPT_INJECTION | COMMAND_EXECUTION | NO_CODE
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill is designed to process user-provided content to generate summaries while requesting the Bash, Write, and Edit tools. This combination represents a high-risk attack surface where an attacker could embed malicious instructions within the text being summarized to gain control over the underlying system.
      • Ingestion points: Processes user requests and external context triggered by 'executive summary' keywords (SKILL.md).
      • Boundary markers: None present; there are no instructions to ignore embedded commands or treat input as data only.
      • Capability inventory: Authorization for Bash, Read, Write, and Edit tools grants full filesystem and shell access (SKILL.md frontmatter).
      • Sanitization: No sanitization or validation logic is defined to prevent instructions in summarized data from reaching the tool execution layer.
  • Command Execution (HIGH): The manifest explicitly authorizes the use of the Bash tool. In the context of an AI agent, this allows for the execution of arbitrary shell commands if the agent is misled by the input content.
  • No Code (INFO): The analyzed skill contains only a metadata file (SKILL.md). While no malicious scripts are included in this specific file, the configuration itself creates a high-risk environment by granting excessive permissions for the stated purpose.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 05:05 AM