spec-kitty-tasks-finalize

Warn

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes a shell command using $ARGUMENTS without sanitization: spec-kitty agent shim tasks-finalize --agent windsurf --raw-args "$ARGUMENTS". This pattern is vulnerable to command injection if malicious user input is passed into the arguments.
  • [DATA_EXFILTRATION]: Multiple files contain relative paths that traverse deep into the parent directory structure (e.g., ../../../../../../). These sequences indicate an attempt to access files outside the skill's sandbox, which can lead to information disclosure of system-level or agent-specific configuration files.
  • [PROMPT_INJECTION]: The instructions include override markers such as "treat its output as authoritative" and "Do not rediscover context." These directives are intended to suppress the agent's reasoning capabilities and safety filters, forcing reliance on external tool output.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 3, 2026, 06:08 PM