artist-workspace

Fail

Audited by Gen Agent Trust Hub on May 6, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill interpolates user-supplied input ($ARTIST_NAME) into shell command substitutions and unquoted heredocs.
    • Evidence: ARTIST_SLUG=$(echo "$ARTIST_NAME" | tr ...) and cat > "$ARTIST_DIR/RECOUP.md" <<EOF in SKILL.md.
    • Risk: This enables arbitrary code execution if a user provides an artist name containing shell meta-characters like $(...).
  • [EXTERNAL_DOWNLOADS]: The skill fetches a multi-step workflow playbook from an external developer portal.
    • Evidence: https://developers.recoupable.com/workflows/create-artist in SKILL.md.
    • Note: This is a vendor-owned resource used to provide operational guidance for artist onboarding.
  • [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by reading and acting upon data from potentially untrusted workspace files.
    • Ingestion points: RECOUP.md and context/artist.md are read to determine identity and creative constraints.
    • Boundary markers: There are no explicit delimiters or instructions provided to the agent to treat this content as untrusted data.
    • Capability inventory: The agent has access to shell commands and network operations via API calls while processing this data.
    • Sanitization: Basic formatting is applied to slugs, but the body of the data being read is not sanitized or validated.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: May 6, 2026, 08:38 PM