clipboard
Warn
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: MEDIUM [COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
- [COMMAND_EXECUTION]: The skill explicitly directs the AI agent to use shell-level utilities (pbcopy on macOS, xclip on Linux, and clip.exe on Windows) to perform clipboard operations. This involves executing system commands which, if not carefully handled, could be subverted via command injection if the content being copied is not properly escaped.
- [PROMPT_INJECTION]: The 'Auto-copy' functionality creates a surface for indirect prompt injection.
  - Ingestion points: The skill monitors for 'paste-worthy' content such as commit messages, PR descriptions, and shell commands, which often originate from external, untrusted sources (e.g., SKILL.md).
  - Boundary markers: The instructions lack requirements for the agent to use delimiters or ignore embedded instructions within the data it copies.
  - Capability inventory: The agent utilizes system shell commands to interact with the clipboard, providing a bridge from untrusted data to system-level utilities.
  - Sanitization: There are no instructions for sanitizing or validating the text before it is passed to the system commands, allowing potentially malicious payloads to reach the user's clipboard automatically.
Audit Metadata