The Agent Skills Directory

[COMMAND_EXECUTION]: The scripts/generate_report.py utility constructs executable Bash scripts from arbitrary string input.
Evidence: The generate_script method takes a template argument and writes it to a .sh file.
[COMMAND_EXECUTION]: The skill programmatically grants execution privileges to dynamically created files.
Evidence: In scripts/generate_report.py, file_path.chmod(0o755) is called on generated scripts.
[EXTERNAL_DOWNLOADS]: The skill documentation describes a mechanism for remote data retrieval from unverified sources.
Evidence: scripts/README.md references fetch_standards.py for fetching compliance standards from online sources.
[PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by processing unsanitized data for report and script generation.
Ingestion points: System data and user inputs processed by generate_report.py via the --content and --config arguments.
Boundary markers: Absent in the generation logic.
Capability inventory: Extensive use of Write, Edit, and Bash tools enabled in the skill frontmatter.
Sanitization: No sanitization or validation of input data is performed before interpolation into scripts.

generating-compliance-reports