mine-plugins

Warn

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill's execution steps involve running python3 "scripts/inventory_plugin.py" --path "$ARGUMENTS" --format json where the $ARGUMENTS variable is directly interpolated into a shell command. This creates a risk of command injection if the user input contains shell metacharacters such as semicolons, backticks, or command substitution sequences.
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions to run pip install -r ./requirements.txt. This triggers the download and installation of external Python packages from public registries, creating a dependency on remote code.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to 'read every file completely' within a user-provided directory during the analysis phase. It lacks boundary markers or instructions to ignore embedded commands, allowing malicious instructions inside analyzed files to potentially hijack the agent's behavior.
      • Ingestion points: Every file located within the directory tree provided in the $ARGUMENTS path.
      • Boundary markers: Absent; the agent is instructed to read all content without delimiters.
      • Capability inventory: Access to the Bash and Write tools provides a significant impact path for any successful injection.
      • Sanitization: No sanitization or validation of the external file content before it is processed by the agent.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 3, 2026, 06:09 PM