create-project-update
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes shell commands including `curl` and `python3` to interact with the Karma API and process returned data. While these are used for the skill's primary purpose, they represent a capability that interacts with external data.
- [PROMPT_INJECTION]: The skill's design involves taking user-provided strings (such as project names and update text) and placing them directly into shell command templates and API payloads. This creates a surface for indirect prompt injection or command injection.
  - Ingestion points: User-provided inputs for project names, titles, and update text are used in `SKILL.md` to construct search queries and POST requests.
  - Boundary markers: There are no specific boundary markers or instructions to the agent to treat the interpolated user data as literal or unsafe content.
  - Capability inventory: The skill has the ability to execute network requests via `curl` and run Python scripts using `python3 -c` for JSON parsing.
  - Sanitization: The skill instructions do not specify any validation or sanitization steps for the user-provided variables before they are used in command execution.
Audit Metadata