file-schema-analysis

Warn

Audited by Gen Agent Trust Hub on Feb 13, 2026

Risk Level: MEDIUM (PROMPT_INJECTION)
Full Analysis
  • Indirect Prompt Injection (MEDIUM): The schema_extractor.sh script parses external schema files (JSON, Protobuf, GraphQL, OpenAPI) and extracts human-readable strings that are later included in analysis reports. If these files contain malicious instructions, an agent reading the report could be compromised.
      • Ingestion points: scripts/schema_extractor.sh reads user-specified files using cat, grep, jq, and yq.
      • Boundary markers: The script labels its output with basic text headers (e.g., '=== JSON Schema Analysis ===') but lacks structured delimiters or instructions telling the agent to treat the extracted content as untrusted data.
      • Capability inventory: The script performs data extraction and syntax validation using local tools. It has no built-in network or file-write capabilities, which limits the immediate impact of an injection to reasoning manipulation.
      • Sanitization: There is no evidence of sanitization, filtering, or escaping of the strings extracted from schema files before they are output.
  • Command Argument Injection (LOW): Although the script double-quotes the file variable ("$FILE"), passing unsanitized filenames directly to tools like jq or grep can occasionally lead to unexpected behavior if a filename is crafted to look like a command-line flag (e.g., -V).
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 13, 2026, 09:42 PM