The Agent Skills Directory

[COMMAND_EXECUTION]: The skill constructs shell commands (e.g., python3, find, git) that incorporate data read from local files such as ~/.claude.json. Specifically, the pet's name and personality are used directly in command-line arguments and file paths. If these fields contain shell metacharacters like semicolons, backticks, or pipe symbols, it could result in arbitrary command execution on the host system.\n- [DATA_EXFILTRATION]: To personalize song lyrics, the skill performs broad reads of sensitive local data, including memory files across all Claude Code projects (~/.claude/projects/*/memory/*.md) and recent git history. This involves extensive access to project-specific context and user interaction history.\n- [EXTERNAL_DOWNLOADS]: The skill relies on and executes code from an external dependency, the minimax-music-gen skill, using scripts located at ~/.claude/skills/minimax-music-gen/scripts/. While this appears to be a related resource from the same vendor, it represents a dependency on external executable content.\n- [INDIRECT_PROMPT_INJECTION]: The skill lacks sanitization and boundary markers for ingested data. Content from ~/.claude.json, project memory files, and git logs is interpolated into prompts for lyrics and music generation APIs. This creates an attack surface where malicious data in those files could influence the agent's output and subsequent subprocess calls.

buddy-sings