prd-writing-guide

Warn

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/generate_prd_skeleton.sh contains a local command injection vulnerability. It uses an unquoted heredoc (<< ENDPRD) to generate document templates, which lets the shell perform command substitution on the interpolated $project_name variable. If an AI agent or user supplies a project name containing backticks or the $(...) syntax, the shell executes those commands on the host system while the file is generated.
  • [EXTERNAL_DOWNLOADS]: The README provides installation instructions that download content from the author's GitHub repository (github.com/okwinds/miscellany) using the openskills utility. While this is the standard installation method for the intended environment, it fetches and executes code from an external remote source.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 9, 2026, 07:49 PM