NYC

Game Vision Designer

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The skill utilizes local shell scripts like scripts/log_decision.sh which accept multiple parameters (title, decision, rationale) sourced from user input. This introduces a risk of shell injection if the agent constructs the command string unsafely or if the underlying scripts lack robust argument sanitization.
  • [PROMPT_INJECTION] (MEDIUM): The skill is vulnerable to indirect prompt injection because it ingests and acts upon content from project files.
      1. Ingestion points: Reads files from the docs/vision/ and resources/ directories.
      2. Boundary markers: None specified; content from files is processed directly into the agent's context.
      3. Capability inventory: The skill has the ability to execute shell scripts and write to the local file system.
      4. Sanitization: None detected.
    Maliciously crafted text within these documentation files could influence the agent to deviate from its intended vision-tracking logic or perform unauthorized actions.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 09:31 AM