agent-card-templates

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Tags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • Privilege Escalation & Unverifiable Dependencies (HIGH): The script scripts/validate-agent-card.sh contains logic to automatically install the jq utility using sudo apt-get update, yum, or brew if it is not found on the system. Running package managers with elevated privileges inside a utility script is a high-risk practice as it modifies the system state and downloads external software without explicit user confirmation of the installation command.
  • Command Injection via sed (MEDIUM): The scripts/generate-agent-card.sh script uses sed to perform string replacement for generating JSON files. It uses a fixed delimiter (|) and interpolates user-provided variables (like AGENT_DESC or SERVICE_ENDPOINT) directly into the command string. An attacker providing a value containing the | character could break the sed command or potentially manipulate the file generation process.
  • Indirect Prompt Injection Surface (MEDIUM): The skill's primary purpose is generating structured metadata (Agent Cards) intended to be consumed by other AI agents (A2A). This creates an injection surface where a malicious user could craft a 'description' or 'skill' name within an agent card that, when parsed by a downstream agent, could influence its behavior. While the skill includes a validation script, it does not sanitize the content for prompt injection patterns.
  • Ingestion points: User input via read -p in scripts/generate-agent-card.sh and fields within generated JSON files.
  • Boundary markers: None implemented; JSON values are interpolated directly into templates.
  • Capability inventory: The skill can write files to the local filesystem using cp and sed via the Bash tool.
  • Sanitization: No sanitization or escaping of user input is performed before it is written to the output JSON files.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 05:23 AM