The Agent Skills Directory

[Indirect Prompt Injection] (LOW): The skill is vulnerable to indirect prompt injection because it accepts file names from user input and passes them directly to a bash command without sanitization. 1. Ingestion points: Filenames are extracted from user messages based on instructions in SKILL.md. 2. Boundary markers: No markers or instructions to ignore embedded commands are present. 3. Capability inventory: The skill uses the wc -w command via bash. 4. Sanitization: No validation or shell-escaping is performed on the user-provided filename before execution.

word-count-checker