localhero

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Tags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • Dynamic Execution (LOW): The skill uses the ! syntax in SKILL.md to generate prompt content at load time by executing npx @localheroai/cli glossary and npx @localheroai/cli settings. This is necessary for the skill's primary purpose of providing project context, but it means part of the system prompt is produced at runtime by an external tool and can change between sessions. Severity reduced from MEDIUM because this behaviour is central to the skill's functionality.
  • External Downloads (LOW): The skill depends on @localheroai/cli, distributed via the npm registry, which is not on the predefined trusted list. Each npx invocation resolves and may download the package, so the skill inherits the supply-chain risk of that package and its dependencies. Severity reduced from MEDIUM because the CLI is the primary interface to the service the skill supports.
  • Indirect Prompt Injection (LOW): The skill is susceptible to indirect prompt injection if an attacker can control the contents of the glossary or settings on the Localhero.ai platform; anyone with write access to the project's Localhero workspace is therefore inside the skill's trust boundary.
    1. Ingestion points: External data is fetched and interpolated into SKILL.md at lines 48 (glossary) and 52 (settings).
    2. Boundary markers: Absent; the command output is echoed directly into the prompt without delimiters or a warning that it is untrusted data.
    3. Capability inventory: The agent is granted Bash tool access specifically to run any subcommand of npx @localheroai/cli, which can modify local files and interact with the network, so injected instructions have a real action surface.
    4. Sanitization: Absent; data returned from the CLI is not validated, length-limited, or escaped before being presented to the LLM.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:40 PM