NYC

publish-x-article

Pass

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: LOW
PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (LOW): The scripts process untrusted external data (Markdown, HTML, and images) which could contain malicious instructions designed to influence the AI agent or be presented to the user.
  • Ingestion points: Command-line arguments and file system paths in scripts/copy_to_clipboard.py (via args.path, args.file, args.content, and sys.stdin) and scripts/table_to_image.py (via input_path).
  • Boundary markers: Absent. The scripts do not use specific delimiters or instructions to ignore embedded commands within the processed data.
  • Capability inventory: Local file reading, system clipboard modification (via AppKit on macOS and win32clipboard on Windows), and image generation (using Pillow).
  • Sanitization: None. Data is processed and rendered as-is.
  • Assessment: The severity is LOW because the available capabilities are restricted to local data transfer and static image creation; there is no capability for network exfiltration, arbitrary command execution, or automated decision-making based on the content.
Audit Metadata
Risk Level: LOW
Analyzed: Feb 16, 2026, 02:36 AM