skills/jeremylongshore/claude-code-plugins-plus-skills/vulnerability-report-generator/Gen Agent Trust Hub
vulnerability-report-generator
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill defines a high-risk attack surface by design. It is intended to process external security data (vulnerability reports, scan results, or code), which is often attacker-influenced.
  - Ingestion points: Processes external vulnerability patterns and report data as described in the 'When to Use' and 'Capabilities' sections.
  - Boundary markers: Absent. There are no instructions to the agent to distinguish between user instructions and potentially malicious content within the processed security data.
  - Capability inventory: The skill requests the Bash, Write, and Edit tools. This combination allows for arbitrary code execution and file system modification if the agent is coerced by a payload in the input data.
  - Sanitization: None provided. The skill lacks safeguards to filter or escape instructions embedded in the data it processes.
- [Command Execution] (MEDIUM): The skill explicitly requests the Bash tool for its operations. While no malicious shell scripts are provided in the source, the combination of command execution capabilities with the processing of untrusted security artifacts poses a significant operational risk.
Recommendations
- AI detected serious security threats
Audit Metadata