Report

Pass

Audited by VirusTotal on May 12, 2026.

Findings (1)

The skill's stated purpose of report generation and delivery is benign. However, it presents several potential vulnerabilities that could be exploited by a malicious user of the skill. The `delivery.md` file instructs the agent to create cron jobs with payloads containing user-defined strings (e.g., `{report-name}`, `{channel}`), which could be vectors for prompt injection or command injection if not properly sanitized by the agent. Additionally, `formats.md` uses `browser action=pdf targetUrl=file:///path.html`, where `path.html` could be manipulated for local file disclosure. The `schema.md` also defines a 'Data Prompt' field, a user-controlled string that could be used for prompt injection against the agent. These capabilities, while functional, introduce significant risks if the agent's execution environment lacks robust input sanitization and sandboxing.