skills/toss/es-toolkit/migrate/Gen Agent Trust Hub

migrate

Pass

Audited by Gen Agent Trust Hub on Mar 22, 2026

Risk Level: SAFE · DATA_EXFILTRATION · PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill contains a file named docs with the content ../../../docs. This relative path reference suggests an attempt to access documentation or source files located several levels above the skill's own directory, which constitutes a path traversal risk and could lead to unauthorized file access depending on the execution environment.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. It processes user-supplied code or function names and uses them to construct search and read paths for tools such as Read, Grep, and Glob. This can be exploited by an attacker providing crafted function names containing path traversal sequences to read sensitive files from the system.
      • Ingestion points: The $ARGUMENTS input defined in SKILL.md.
      • Boundary markers: The skill lacks boundary markers or instructions to isolate user input from the file path construction logic.
      • Capability inventory: The agent utilizes Read, Grep, and Glob capabilities, which are directly influenced by the processed arguments.
      • Sanitization: There is no evidence of sanitization or validation to prevent directory traversal sequences in the extracted function names.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 22, 2026, 11:10 AM