Requirements Engineering

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The skill defines shell logic in SKILL.md and references/beads-integration.md that directly interpolates user-provided variables like $FEATURE_TITLE, $criterion, and $prompt into shell commands for the bd (Beads) CLI. For example, the command EPIC_ID=$(bd create --type epic --title "$FEATURE_TITLE") is highly susceptible to command injection if the user input contains shell metacharacters like semicolons or pipes.
  • [REMOTE_CODE_EXECUTION] (HIGH): The command injection vulnerability in the requirement extraction and task creation logic provides a direct path for remote code execution on the host system where the agent executes these scripts.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill relies on an external, unverified CLI utility named bd. The security of this dependency is not established, representing a supply chain risk.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes untrusted user prompts to generate technical tasks without using boundary markers or sanitization. Evidence:
    1. Ingestion points: User prompts are captured in variables within SKILL.md.
    2. Boundary markers: None identified.
    3. Capability inventory: Execution of bd CLI commands.
    4. Sanitization: Relies on simple grep patterns that do not prevent malicious command sequences.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 06:09 PM