goal-backward-verification
Warn
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute commands where variables like <expected_path>, , and are interpolated. These variables are derived from potentially untrusted task outputs. If these inputs contain shell metacharacters (e.g., ;, &, |), it could lead to arbitrary command execution on the host system. Evidence: test -f <expected_path>, grep ... , and node --test tests//.test.cjs.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes artifacts and metadata produced by other tasks without sanitization.
  - Ingestion points: Artifact names, module names, and file paths provided via task criteria or plan files.
  - Boundary markers: Absent; there are no delimiters or specific instructions to the agent to disregard embedded malicious patterns within the artifacts being verified.
  - Capability inventory: Access to Bash, Read, Grep, and Glob tools, as well as the ability to execute Node.js scripts.
  - Sanitization: Absent; the skill does not validate or escape artifact paths before interpolation into shell commands.
- [COMMAND_EXECUTION]: Level 4 of the verification process performs dynamic code execution by running node --test on paths constructed from untrusted metadata. This allows for the execution of potentially malicious scripts if the path points to an attacker-controlled or compromised file.