The Agent Skills Directory

[COMMAND_EXECUTION] (HIGH): The skill explicitly includes the 'run_command' tool. This capability allows the agent to execute arbitrary shell commands on the underlying system, which can be used to bypass security controls or access sensitive data.- [REMOTE_CODE_EXECUTION] (HIGH): While the skill does not explicitly download code from a URL, it is designed to write scripts ('write_file') and then execute them ('run_command'). This 'Toolsmith' pattern is functionally equivalent to RCE as the agent generates and runs arbitrary logic at runtime.- [INDIRECT_PROMPT_INJECTION] (HIGH): The skill processes external data to automate tasks but lacks security controls. • Ingestion points: 'SKILL.md' (Jobs to Be Done) triggers tool creation from user-defined manual tasks. • Boundary markers: Absent. No instructions exist to ignore embedded commands in the tasks being automated. • Capability inventory: 'run_command', 'write_file', 'edit_file', and 'read_file' in 'SKILL.md'. • Sanitization: While 'SKILL.md' mentions 'Zod' for type safety of arguments, it does not mandate sanitization of the content of the tools being built.- [DYNAMIC_EXECUTION] (MEDIUM): The 'Operational Sequence' in 'SKILL.md' defines a workflow where the agent designs, implements, and verifies (runs) new code. This self-modifying/extending behavior is a high-risk pattern for autonomous agents.

resonance-automation