glmv-pdf-to-web
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions in SKILL.md utilize shell commands that interpolate the user-provided `$ARGUMENTS` variable without sanitization. Specifically, the use of `pdf_stem=$(basename "$ARGUMENTS" .pdf)` and `curl -L -o "/tmp/${pdf_stem}.pdf" "$ARGUMENTS"` creates a surface for command injection if the input contains shell metacharacters or subshell executions.
- [EXTERNAL_DOWNLOADS]: The skill downloads PDF files from arbitrary URLs provided by the user using `curl`. This is functional but involves downloading untrusted content from remote servers.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes unstructured data from external PDF files which are then used to plan and generate website content.
  - Ingestion points: PDF content from local or remote paths provided via `$ARGUMENTS`.
  - Boundary markers: No explicit delimiters or instructions are provided to the agent to ignore embedded commands within the PDF.
  - Capability inventory: The skill can execute shell commands (`curl`, `python`) and write files to the workspace.
  - Sanitization: No sanitization or validation of the PDF content or the input arguments is performed.
Audit Metadata