feature-verify

Warn

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute curl commands that are assembled from variables such as {{ ENDPOINT }} and {{ PAYLOAD }}. This pattern of dynamic command construction is vulnerable to shell injection if input sources, like filenames in a git diff or values in environments.md, contain shell metacharacters.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from external sources.
      ◦ Ingestion points: Git diff outputs in P1, API response bodies in P3, and log query results in P4.
      ◦ Boundary markers: No explicit delimiters are specified to isolate untrusted data from the agent's instructions.
      ◦ Capability inventory: Bash (used for curl, git, and log queries), WebFetch, Grep, Glob, Task.
      ◦ Sanitization: The instructions suggest redacting personal information in the final report but do not provide a mechanism for sanitizing data before it is processed or used in command assembly.
  • [EXTERNAL_DOWNLOADS]: The skill performs network interactions via curl and WebFetch to remote endpoints defined in the configuration. This functionality involves transmitting potentially sensitive authentication headers and processing content from external services.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 9, 2026, 06:41 AM