universal-templating
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The documentation provides examples of post-generation hooks in 'Step 7: Post-Generation Hooks' that execute commands such as 'pip install -r requirements.txt'. If an agent follows these instructions on a template containing a malicious requirements file, it could lead to the installation of unauthorized packages.
- [COMMAND_EXECUTION]: The skill describes workflows involving 'os.system()' calls to initialize repositories and install dependencies within generated projects. This pattern encourages the execution of shell commands based on generated content.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it defines a workflow for ingesting untrusted user data (variables like 'project_name' or 'description') and interpolating them into templates and scripts.
  - Ingestion points: User input is collected during 'Step 1: USER SELECTION' and defined as variables in 'Step 2: Variable Definition' within SKILL.md.
  - Boundary markers: The skill mentions regex validation in 'Step 6' but lacks explicit instructions to treat user-provided variables as untrusted or to use delimiters to prevent instruction injection.
  - Capability inventory: The skill allows the use of 'Bash', 'Write', and 'Edit' tools, enabling the agent to create and execute the scripts it generates.
  - Sanitization: While basic regex validation for variable names is suggested, there is no comprehensive sanitization mentioned for the content of the variables being rendered into templates.