spec-kitty-merge

Fail

Audited by Gen Agent Trust Hub on Apr 27, 2026

Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill instructs the agent to "treat [command] output as authoritative" and "Do not rediscover context from branches, files, or prompt contents." This is an attempt to bypass the agent's standard data validation and safety protocols by forcing it to rely exclusively on tool output that may be attacker-controlled.
  • [COMMAND_EXECUTION]: The instruction to run `spec-kitty agent shim merge --agent windsurf --raw-args "$ARGUMENTS"` interpolates user-supplied arguments directly into a shell command without validation or escaping. This creates a high risk of command injection, in which an attacker could execute arbitrary shell commands on the host machine.
  • [EXTERNAL_DOWNLOADS]: Multiple files in the skill, including requirements.txt and scripts/sync_configuration.py, consist entirely of path-traversal strings (e.g., ../../requirements.txt). This technique is used to escape the skill's directory isolation and load configuration or executable code from the parent file system, which may contain sensitive data or system scripts.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 27, 2026, 08:41 AM