Source Library

The skill is vulnerable to shell injection due to the `SKILL.md`'s auto-trigger behavior combined with `allowed-tools: "Bash(node:*)"`. The agent is instructed to execute `node scripts/source-library.js save` with arguments derived from user-shared URLs (e.g., `--name`, `--url`, `--claims`). If these user-controlled values are not properly sanitized by the agent before constructing the Bash command, a malicious user could inject arbitrary shell commands. Additionally, the agent is instructed to 'Analyze with context' using content from user-populated markdown files, creating a potential prompt injection vector against the agent itself.