qa-test-planner

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION)
Full Analysis
  • [Command Execution] (MEDIUM): The scripts scripts/create_bug_report.sh and scripts/generate_test_cases.sh utilize eval to assign user-provided input to internal variables.
      • Evidence: The line eval "$var_name=\"$input\"" in both scripts allows for command substitution. If a user provides input like $(whoami), the command will be executed by the shell during the evaluation process.
  • [Indirect Prompt Injection] (LOW): The skill provides templates and scripts that generate structured markdown files intended for further processing by agents or developers.
      • Ingestion points: scripts/create_bug_report.sh and scripts/generate_test_cases.sh capture raw user input.
      • Boundary markers: The generated markdown uses standard headers but lacks explicit 'ignore embedded instructions' warnings for downstream LLM processors.
      • Capability inventory: The scripts have file-write capabilities and the ability to execute shell commands via the eval vulnerability.
      • Sanitization: There is no sanitization or escaping of the input before it is evaluated by the shell or written to the final markdown files.
  • [Data Exposure] (LOW): The scripts allow users to specify an output directory via the first command-line argument without validation.
      • Evidence: OUTPUT_DIR="$1" allows a user to potentially overwrite files in sensitive locations if the script is run with high privileges.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 06:46 PM