agent-gossip-coordinator

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): Unsafe shell variable interpolation. The pre hook in SKILL.md directly interpolates the $TASK variable into a shell command (echo ... $TASK) without quotes or sanitization. An attacker could use command substitution sequences like $(whoami) or backticks inside a task description to execute arbitrary commands in the agent's shell environment.
  • [PROMPT_INJECTION] (LOW): Indirect prompt injection vulnerability surface.
      1. Ingestion points: The $TASK variable in the pre hook of SKILL.md.
      2. Boundary markers: None present.
      3. Capability inventory: Shell command execution via pre and post hooks.
      4. Sanitization: No input validation or escaping is applied to the $TASK variable before shell execution.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:12 PM