agents-md-generator

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • COMMAND_EXECUTION (MEDIUM): The workflow in SKILL.md directs the agent to use the Bash tool to perform sensitive file system modifications, specifically rm CLAUDE.md and ln -s AGENTS.md CLAUDE.md. Automating the deletion of project configuration files without specific user guardrails poses a risk to project integrity.
  • PROMPT_INJECTION (LOW): The file references/agents_template.md contains instructions designed to override the agent's default behavior, such as 'Never delete, replace, or forget these rules' and requiring the AI to perform updates 'without asking the user'. While task-specific, this pattern mimics behavior-override injections.
  • INDIRECT_PROMPT_INJECTION (LOW): The skill is designed to read untrusted source materials like API route files and technical docs. It lacks explicit boundary markers or instructions to treat ingested code as data only, creating an attack surface where malicious comments in project files could influence agent actions.
  • DATA_EXPOSURE (SAFE): The skill accesses local project files (API routes, data models) to generate documentation; however, no evidence of hardcoded credentials or unauthorized data exfiltration was found.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:39 PM