card-news-generator-v2

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION)
Full Analysis
  • Command Execution (MEDIUM): The skill constructs shell commands to execute Python scripts (auto_generator.py and generate_card.py) using variables like topic, color, and image folder path derived from user input. This pattern is susceptible to command injection if the agent does not strictly validate or escape user-provided strings before they are interpolated into the shell command, as shell metacharacters could be used to break out of quoted arguments.
  • Indirect Prompt Injection (LOW): The skill processes untrusted user data to drive subsequent tool execution. [Ingestion points]: User-provided topic strings and local file system paths for images in SKILL.md. [Boundary markers]: The bash examples use double quotes for arguments and a single-quoted heredoc (<< 'EOF'), which prevents some shell expansion but does not fully mitigate argument injection in the command line itself. [Capability inventory]: Execution of local scripts and reading/writing files on the local filesystem. [Sanitization]: No sanitization logic or instructions for input validation are present in the skill definition.
  • Data Exposure & Exfiltration (LOW): The skill prompts the user to provide an image folder path (e.g., /path/to/travel-images) which the script then accesses. This provides a surface for reading arbitrary local directories if the path is not restricted to expected data locations.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 17, 2026, 06:20 PM