generator-operator
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious patterns, hidden code, or data exfiltration attempts were identified. The skill's behavior is consistent with its stated utility for project file generation.
- [COMMAND_EXECUTION]: The skill uses the Bash tool to run the 'npm run generate' command. This is performed via a wrapper script (scripts/run-generate.sh) which properly uses double-quotes for positional variables (e.g., "$CATEGORY", "$NAME"), effectively mitigating command injection risks from user-supplied input.
- [PROMPT_INJECTION]: Analysis of indirect prompt injection (Category 8) vulnerability surface:
  1. Ingestion points: User requests describing the file to be created in prompts/01-parse-request.md.
  2. Boundary markers: None present; the system relies on the model's parsing capability.
  3. Capability inventory: Includes the Bash tool for command execution and 'cat' for viewing generated file contents.
  4. Sanitization: The shell script provides sanitization via variable quoting, and the prompt instructions in prompts/02-execute.md constrain file paths to specific directories (e.g., 'app/'), limiting the impact of potential path traversal attempts.
Audit Metadata