NYC

micro-landing-builder

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, NO_CODE
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The skill heavily relies on executing external commands via subprocess.run. Specifically, deploy_vercel.py executes the vercel CLI for production deployments, and batch_create.py executes a secondary Python script. This poses a risk if inputs like slug or domain are maliciously crafted, although shell injection is mitigated by the use of argument lists.
  • [PATH_TRAVERSAL] (HIGH): In batch_create.py, the slug parameter (sourced from untrusted CSV/JSON input) is used directly to construct file paths: target_dir = root / slug. There is no sanitization to prevent directory traversal sequences (e.g., ../../). When combined with the --allow-outside flag, an attacker can overwrite arbitrary files on the host system or place malicious files in sensitive locations like ~/.ssh or startup directories.
  • [NO_CODE] (MEDIUM): The core logic for project creation resides in scripts/scaffold.py, which is referenced by documentation and batch_create.py but is completely missing from the skill files. This makes the skill non-functional and suggests it may have been truncated or misconfigured.
  • [EXTERNAL_DOWNLOADS] (LOW): The skill documentation encourages the installation of the vercel CLI globally (npm i -g vercel) and references external UI packages (@agenticindiedev/ui). While these are common in development workflows, they introduce dependency risks.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes external data (CSV/JSON). While categorized as low per rules, the lack of boundary markers and sanitization on fields like slug and concept directly enables the path traversal described above.
  • Ingestion points: batch_create.py (CSV/JSON files)
  • Boundary markers: None present.
  • Capability inventory: subprocess.run (Vercel, Python), shutil.copytree (File Write).
  • Sanitization: No validation or escaping of input fields used in path construction.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 05:24 PM