skills/udecode/plate/ce-brainstorm/Gen Agent Trust Hub

ce-brainstorm

Warn

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: MEDIUM
DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill facilitates sending brainstorm document content to an external endpoint (https://www.proofeditor.ai/share/markdown) via a curl POST request. This transmits project-specific design and requirement data to a third-party service not listed as a trusted provider.
  • [COMMAND_EXECUTION]: In Phase 4, the skill provides a bash script template for the agent to execute. The template uses shell variables (TITLE, CONTENT) to store data derived from user-provided topic titles and file contents. If these inputs contain shell metacharacters or command substitution patterns, it could lead to arbitrary command execution when the agent runs the script in its local environment.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting untrusted user input via #$ARGUMENTS and passing it to research tools.
    1. Ingestion points: The #$ARGUMENTS variable captures user-provided feature descriptions.
    2. Boundary markers: The input is wrapped in feature_description tags, which provide structure but no instructions to ignore embedded commands.
    3. Capability inventory: Repository research, file system writes, file reading (cat), and network transmission (curl).
    4. Sanitization: No explicit sanitization or validation of the user-provided description is performed before it is used in downstream tasks.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 27, 2026, 05:25 PM