dry-consolidation

Warn

Audited by Gen Agent Trust Hub on Apr 11, 2026

Risk Level: MEDIUM | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the dynamic context injection syntax !echo "$1" in the Context section of SKILL.md. This pattern directly interpolates a user-supplied argument into a shell command that is executed during the skill's initialization phase. Because the input is not sanitized, an attacker can provide a path string containing shell metacharacters (e.g., ;, &, or backticks) to execute arbitrary commands on the host system.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection.
      • Ingestion points: It reads project files using the Read, Grep, and Glob tools in Step 1.
      • Boundary markers: The skill instructions do not specify any delimiters or directives to ignore instructions embedded within the code it analyzes.
      • Capability inventory: The skill has access to powerful tools including Write, Edit, MultiEdit, and several Bash variants for build and test execution (e.g., npx, npm run, pytest, cargo).
      • Sanitization: No sanitization or validation is performed on the code content before it is processed by the agent.
    This allows malicious code comments to potentially influence the agent's behavior during the refactoring process.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 11, 2026, 04:59 PM