context-ingestion
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes multiple shell commands including git clone, gh repo clone, ls, find, and mkdir. These commands use parameters such as the GitHub URL, branch name, and project path extracted from user input or the config.md file. The lack of sanitization for these variables poses a risk of command injection if the configuration file or paths are maliciously crafted.
- [EXTERNAL_DOWNLOADS]: The workflow involves downloading external code repositories from URLs defined in a local configuration file. This automated fetching of remote content from unverified sources can introduce malicious scripts or data into the local environment.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection (Category 8) by processing untrusted data to generate an ethics summary and inventory.
  - Ingestion points: Reads config.md, documents in the ethics/ folder (PDF, DOCX, MD), and metadata/headers from data files (CSV, XLSX).
  - Boundary markers: The instructions do not define delimiters or provide warnings to the agent to ignore instructions embedded within the files being analyzed.
  - Capability inventory: The skill has access to the filesystem and the ability to execute network operations (git clone).
  - Sanitization: No validation or filtering is performed on the content extracted from external files before it is processed by the agent.
Audit Metadata