skills/justlookatnow/pt_mate/Add Site/Gen Agent Trust Hub

Add Site

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The SKILL.md file defines a shell command that runs a Python script, using string interpolation for the user-controlled variables {site_id}, {site_url}, and {site_name}. This pattern allows potential command injection if a user provides input containing shell metacharacters (e.g., backticks or subshells). The double quotes in the template provide only a basic level of mitigation, because the shell still expands command substitution inside double quotes.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data and uses it to drive subsequent actions and file system modifications.
    • Ingestion points: User-provided inputs for site_id, site_url, site_type, and site_name defined in SKILL.md.
    • Boundary markers: The inputs are wrapped in double quotes within the shell command instructions, but no further delimiters are used to isolate untrusted content.
    • Capability inventory: The skill can execute Python, Bash, and Dart scripts, and it has the ability to create or overwrite files within the assets/ directory.
    • Sanitization: There is no evidence of sanitization, escaping, or validation of the user-provided strings within the generate_site_config.py script or the skill instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 1, 2026, 04:28 PM