gitsite-content-manager

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The skill instructions frequently invoke a local Python script 'manage_content.py' with various user-supplied arguments such as titles, dates, and descriptions. Because the script's source code is missing from the skill payload, it is impossible to confirm whether it handles these inputs safely. If the script passes them to functions like 'os.system' or 'subprocess' with 'shell=True' without strict sanitization, the result could be arbitrary command execution on the host system.
  • [PROMPT_INJECTION] (LOW): The skill provides a surface for indirect prompt injection by interpolating untrusted user data into Markdown templates (e.g., 'blog_post.md') and CLI commands. Evidence chain:
      1. Ingestion points: Arguments provided to 'manage_content.py' via user requests.
      2. Boundary markers: Absent in the provided templates.
      3. Capability inventory: File system writes and shell command execution.
      4. Sanitization: Unverifiable due to the absence of the processing script.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:30 PM