The Agent Skills Directory

REMOTE_CODE_EXECUTION (HIGH): The skill instructs the agent to download and execute a script directly into the shell from an external source.
Evidence: references/troubleshooting.md contains curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.0/install.sh | bash.
Context: The source domain and organization (nvm-sh) are not on the trusted list, making this a classic RCE vector.
COMMAND_EXECUTION (HIGH): Numerous commands require or suggest elevated privileges and system-level modifications.
Evidence: SKILL.md, references/troubleshooting.md, and scripts/env-checker.sh include sudo chown, sudo usermod, sudo systemctl, and sudo tee.
Note: These commands can be used for privilege escalation if the agent's context is manipulated.
PERSISTENCE (MEDIUM): The skill provides instructions to modify shell startup files to persist environment changes.
Evidence: SKILL.md and references/troubleshooting.md suggest appending commands to ~/.bashrc and ~/.zshrc.
Risk: While legitimate for PATH configuration, this is the primary mechanism for establishing persistence on a system.
CREDENTIALS_UNSAFE (LOW): The skill includes hardcoded placeholder credentials and demonstrates insecure practices.
Evidence: SKILL.md contains export API_KEY="abc123".
Note: Although presented as examples, hardcoded keys in scripts are a violation of security best practices.
COMMAND_EXECUTION (MEDIUM): Use of dynamic execution for environment initialization.
Evidence: references/troubleshooting.md includes eval "$(pyenv init -)".
INDIRECT PROMPT INJECTION (LOW): The skill ingests untrusted data through environment files without sanitization.
Ingestion point: references/troubleshooting.md shows source .env.
Boundary markers: Absent.
Capability inventory: High (sudo, kill, chmod, eval).
Sanitization: None. This creates a surface where malicious instructions in a .env file could be executed with high privileges.

env-debug