create-docker-skill

Warn

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: MEDIUM
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill contains explicit instructions to generate a security_override.json file designed to bypass 'deterministic security Phase 5 P0 checks'. This manifest whitelists high-risk operations including subprocess.run, requests, and urllib, which could allow generated skills to evade security auditing and safety filters.
  • [COMMAND_EXECUTION]: The scripts/scaffold.py script uses os.chmod(script_path, 0o755) to automatically grant execute permissions to generated Python scripts. This facilitates the immediate execution of generated code that may contain dangerous logic.
  • [REMOTE_CODE_EXECUTION]: The skill is designed to scaffold 'container orchestration' workflows that rely on subprocess calls and network operations. By combining this with an automated security whitelist, the skill creates a path for the agent to execute arbitrary system commands under the guise of orchestration.
  • [PROMPT_INJECTION]: The scaffolding process interpolates untrusted user input (the --desc argument) directly into multiple template files (SKILL.md, README.md, agent.md) without sanitization. This creates a surface for indirect prompt injection where a malicious description could override the behavior of the generated agent.
  • Ingestion points: User input captured during the 'Discovery Phase' and passed as CLI arguments to scaffold.py.
  • Boundary markers: Absent; user-provided descriptions are inserted directly into template strings using .format().
  • Capability inventory: The skill has Bash, Read, and Write capabilities, and generates scripts that use subprocess and network libraries.
  • Sanitization: scaffold.py validates resource names using regex, but the description field remains unvalidated and is interpolated into sensitive configuration files.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 14, 2026, 08:58 AM