tui-validate

Warn

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill allows for the execution of arbitrary shell commands through the command target parameter, which is passed directly to the freeze --execute command. This provides a direct path for the agent to execute any instruction on the host system.
  • [COMMAND_EXECUTION]: The skill can read arbitrary local files provided via the file target parameter. The content of these files is captured and transmitted to the LLM for validation, potentially exposing sensitive local data.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection during the validation phase. Ingestion points include file content, command output, and tmux session captures. The prompt templates interpolate this untrusted data into the {captured_text} variable without using boundary markers or 'ignore' instructions to isolate the data from the judge's instructions. The skill's capability inventory includes full filesystem access and command execution, which could be abused if the LLM is manipulated by the terminal content it is analyzing. No sanitization or content filtering is implemented on the captured data before it is sent to the model.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 14, 2026, 01:50 PM