The Agent Skills Directory

[COMMAND_EXECUTION]: The scripts/generate_report.py script includes a method to generate shell scripts and grant them execution permissions using chmod 0o755. This capability allows for dynamic script generation which could be exploited to execute arbitrary code on the host if untrusted content is provided as input.
[COMMAND_EXECUTION]: The skill's metadata in SKILL.md requests broad Bash(cmd:*) permissions, which allows the assistant to execute any shell command.
[PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection as it processes application data that may be attacker-controlled.
Ingestion points: The scripts scripts/profile_application.py and scripts/analyze_results.py read and process files and directories from the local filesystem.
Boundary markers: No delimiters or specific warnings are implemented to prevent the AI from following instructions found within the files it profiles.
Capability inventory: The skill has the ability to write files, modify permissions to make files executable, and run any command via the Bash tool.
Sanitization: The script generation logic does not include sanitization of the content before writing it to an executable shell script.

profiling-application-performance