debug
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is designed to ingest and process untrusted external data sources, specifically application logs, stack traces, and user reports, while performing high-privilege actions such as code modification and command execution.
  * Ingestion points: SKILL.md specifies gathering logs, error messages, and user reports.
  * Capability inventory: The documentation instructs the agent to perform code modification ('Add instrumentation') and to execute various shell commands ('npm test', 'git bisect', 'tail').
  * Sanitization: There are no instructions for sanitizing or validating the external content before processing.
  * Boundary markers: No delimiters or warnings are provided to prevent the agent from obeying instructions found within the logs.
- Command Execution (MEDIUM): The skill provides templates for executing various shell commands to investigate system state.
  * Evidence: SKILL.md lists specific commands such as 'tail -f logs/app.log', 'grep ERROR', and 'node --inspect'.
  * Risk: If an agent executes these commands with arguments derived from untrusted input without proper escaping, it could lead to arbitrary command injection.
Recommendations
- AI detected serious security threats
Audit Metadata