ai-automation-workflows

Fail

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The installation instructions for the required CLI tool use curl -fsSL https://cli.inference.sh | sh in SKILL.md. This pattern pipes a remote script directly into the user's shell without inspection, so whoever controls the remote server (or the connection) can execute arbitrary code on the host.
  • [COMMAND_EXECUTION]: The skill provides numerous templates that modify system state, including instructions to modify the crontab for persistence. This allows the skill to maintain long-term access and execute tasks automatically on the host system.
  • [EXTERNAL_DOWNLOADS]: The 'Related Skills' section suggests using npx skills add to fetch and execute additional code from remote repositories, which introduces unverifiable third-party dependencies at runtime.
  • [DATA_EXFILTRATION]: A monitoring script template includes a curl command that POSTs data to an external webhook (https://your-webhook.com/alert). This pattern could be used to exfiltrate command outputs, error logs, or environment variables to an attacker-controlled endpoint.
  • [PROMPT_INJECTION]: The skill exhibits surface area for indirect prompt injection (Category 8):
      ◦ Ingestion points: The skill reads untrusted data from search results via tavily/search-assistant and local file contents using cat $file in the 'Data Processing Pipeline' section of SKILL.md.
      ◦ Boundary markers: External data is interpolated directly into prompts for Claude models (e.g., "prompt": "... based on: $RESEARCH") without any delimiters or instructions to ignore embedded commands.
      ◦ Capability inventory: The skill possesses the Bash tool capability, allowing it to perform file system operations and network requests.
      ◦ Sanitization: No sanitization or escaping of the ingested external content is performed before it is passed to the LLM.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 8, 2026, 02:51 AM