creating-taubyte-resources

Pass

Audited by Gen Agent Trust Hub on May 3, 2026

Risk Level: SAFE
Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute tau CLI commands non-interactively using the --defaults --yes flags. These commands incorporate several user-controlled variables, including <domain_name>, <site_name>, <lib_name>, <path>, and <app_name>. Because the provided templates neither validate nor quote these variables, anyone who controls their values could append additional shell commands using metacharacters such as ;, &, or backticks.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it ingests untrusted data (user-defined resource names and configurations) and interpolates it into executable shell commands.
  • Ingestion points: Resource names, paths, descriptions, and matchers provided by the user in SKILL.md templates.
  • Boundary markers: No explicit boundary markers or instructions to sanitize/validate user input are present in the skill.
  • Capability inventory: Extensive shell execution capabilities via the tau CLI, including creating repositories, domains, and functions.
  • Sanitization: No evidence of sanitization or validation of the interpolated variables before command execution.
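The injection sink described in the COMMAND_EXECUTION finding, shown as an added example that is not part of the audited skill, the tau CLI, or the audit itself. The script defines a mock `tau` shell function so it runs offline, and the `tau new site <name> --defaults --yes` command shape is a placeholder assumption; only the `--defaults --yes` flags and the `<site_name>` variable come from the audit text. The allowlist pattern in `is_safe_name` is likewise an assumption about what the platform accepts and should be tightened to the real naming rules for each resource type.

```shell
#!/usr/bin/env bash
# Added example, not code from the audited skill or from the tau CLI.
# Shows why splicing a user-controlled name into a tau command string is a
# shell-injection sink, and the validate-then-quote pattern that closes it.

# Mock tau (assumption): prints its argv joined by '|' so we can see exactly
# which arguments reached the tool. It shadows any real `tau` on PATH.
tau() {
  local IFS='|'
  printf '%s\n' "$*"
}

# Allowlist for resource names (assumption): letters, digits, '.', '-', '_',
# 1..63 characters. Returns non-zero for anything else, including empty input.
is_safe_name() {
  case "$1" in
    ''|*[!A-Za-z0-9._-]*) return 1 ;;
  esac
  [ "${#1}" -le 63 ]
}

# VULNERABLE: the template the audit describes. The name is interpolated into
# a command string that the shell re-parses, so ';', '&' and backticks are
# interpreted as syntax rather than as part of the name.
run_unquoted() {
  site_name="$1"
  eval "tau new site $site_name --defaults --yes"
}

# HARDENED: reject anything outside the allowlist, then pass the name as one
# argv element. The shell never re-parses the value.
run_hardened() {
  site_name="$1"
  if ! is_safe_name "$site_name"; then
    printf 'rejected: unsafe site_name "%s"\n' "$site_name" >&2
    return 2
  fi
  tau new site "$site_name" --defaults --yes
}

# Constructed malicious input: a plausible name followed by an injected command.
PAYLOAD='mysite; echo INJECTED'

echo "--- unquoted template ---"
run_unquoted "$PAYLOAD"           # tau gets 'new|site|mysite', then echo runs
echo "--- hardened template ---"
run_hardened "$PAYLOAD" || echo "exit status $?"
run_hardened "mysite"             # tau gets 'new|site|mysite|--defaults|--yes'
```

Note that in the unquoted run the trailing `--defaults --yes` flags are swallowed by the injected command, so the tool call itself also changes shape: an interpolation bug is not only an execution primitive but a way to alter which flags the real command runs with. In an agent that builds commands from a template, the validation step belongs before the template is filled, not after.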
Audit Metadata
Risk Level: SAFE
Analyzed: May 3, 2026, 01:45 PM