skill-creator
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill ingests user-provided metadata which could contain instructions intended to influence agent behavior during the authoring process.
  - Ingestion points: The [name] and [description] variables in SKILL.md.
  - Boundary markers: Double quotes are used in the command-line call, but no explicit instructions or delimiters are present to prevent the agent from following instructions embedded within the description content.
  - Capability inventory: The skill has the capability to execute commands via the scripts/validate-metadata.py script.
  - Sanitization: While the validation script checks for length and character sets in names, it does not sanitize the description field for embedded agent instructions.
- [COMMAND_EXECUTION]: The skill instructs the agent to execute a Python script using unvalidated user input as command-line arguments, which presents a potential command injection surface.
  - Evidence: SKILL.md Step 1.3: 'python scripts/validate-metadata.py --name "[name]" --description "[description]"'.
  - Risk: If the execution environment (shell) does not automatically escape the provided metadata placeholders, shell metacharacters in the description could lead to arbitrary command execution.
Audit Metadata