api-design

Fail

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: HIGH (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The file scripts/create-openapi-spec.md utilizes shell command execution (using ! syntax) to perform filesystem operations. It runs commands such as grep, wc, and date to programmatically inspect the user's local directory and extract API metadata.
  • [DATA_EXFILTRATION]: The script in scripts/create-openapi-spec.md specifically targets sensitive file paths by executing grep -r "API_URL|BASE_URL|VITE_API" .env*. While it filters for URL patterns, any programmatic access to environment files is a high-risk data exposure vector that brings sensitive configuration secrets into the AI agent's context.
  • [PROMPT_INJECTION]: The scripts/create-openapi-spec.md script interpolates user-provided $ARGUMENTS directly into the task prompt and description. Without proper sanitization, this provides a surface for prompt injection that could be used to manipulate the agent's logic during the specification generation process.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 27, 2026, 04:27 PM