create-runbook

Warn

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: MEDIUM (CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill checks for the existence of a sensitive authentication token at ~/.config/jetty/token during the orientation phase. While this is used for environment verification by the vendor, it involves accessing sensitive configuration files that contain authentication credentials.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to generate and execute a temporary shell script at /tmp/validate_runbook.sh. This dynamic script performs structural checks on the generated runbook, including searching for required sections and validating frontmatter fields. The script also includes logic to enforce bounded iteration and mandatory output file checks.
  • [EXTERNAL_DOWNLOADS]: The runbook templates (templates/programmatic.md and templates/rubric.md) provided by the skill include shell commands for package installation using pip. These instructions encourage the download and execution of external code, which could lead to remote code execution if the runbook is later executed with untrusted or malicious package names.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its handling of user-provided task descriptions. It interpolates these descriptions directly into the objective and processing steps of the generated runbook without sanitization or delimiters.
      • Ingestion points: Task descriptions are collected from the skill argument or via the AskUserQuestion tool in SKILL.md.
      • Boundary markers: The skill does not use boundary markers or delimiters when inserting user-provided content into the scaffolded runbook.
      • Capability inventory: The skill possesses the Bash, Write, and Edit tools, which can be leveraged if malicious instructions are injected into the generated runbook and executed by an agent.
      • Sanitization: No input validation, filtering, or escaping is applied to the user input before it is used to customize the runbook template.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 29, 2026, 04:41 AM