skills/wojons/skills/devils-advocate/Gen Agent Trust Hub

devils-advocate

Warn

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: MEDIUM | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script 'scripts/challenge.sh' uses an unquoted heredoc ('cat << EOF') to generate its output, which allows for shell variable expansion and command substitution. If the input variables 'TARGET' or 'CONTEXT' contain malicious shell commands (e.g., '$(command)' or backticks), they will be executed by the shell during the execution of the script.
  • [COMMAND_EXECUTION]: The script constructs JSON output using simple string concatenation in an 'echo' command. This approach is vulnerable to JSON injection; a malicious input could include escaped double quotes to inject additional keys or corrupt the JSON structure, potentially misleading downstream processes or the agent itself.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it is designed to ingest and analyze untrusted data from external sources (such as PDFs, markdown files, and JSON data mentioned in 'SKILL.md'). It lacks explicit boundary markers or delimiters to protect the agent's context from instructions embedded within these documents. Furthermore, the skill lacks sanitization of this external content before it is processed or passed to shell capabilities like 'scripts/challenge.sh'.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 4, 2026, 09:22 AM