sdd-update

Warn

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The sdd execute-verify command executes arbitrary shell commands or skills stored in the metadata fields of the JSON specification files. Because execution logic is defined in data files, a compromised specification file could cause malicious code to run.
  • [PROMPT_INJECTION]: The skill is exposed to indirect prompt injection because it processes untrusted data from specification files that control its behavior.
  • Ingestion points: JSON specification files located in the specs/ directory.
  • Boundary markers: Absent; the agent reads and acts on the JSON content without using delimiters or safety instructions to ignore embedded instructions.
  • Capability inventory: The agent can perform file system modifications, git operations, and execute arbitrary commands via the sdd CLI.
  • Sanitization: Absent; there is no mention of sanitizing or validating the content of the specification files before the data is used to drive agent actions or command arguments.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 7, 2026, 10:15 AM