hummingbot

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH
Tags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • Privilege Escalation (HIGH): The file references/troubleshooting.md recommends running sudo chmod 666 /var/run/docker.sock to resolve permission issues. This is a severe security misconfiguration that permits any user on the system to gain root privileges by interacting with the Docker API.
  • Indirect Prompt Injection (HIGH): The skill facilitates the execution of complex commands based on untrusted external data (scraped documentation).
    • Ingestion points: Documented in references/trading.md and other reference files containing content from external URLs (e.g., hummingbot.org).
    • Boundary markers: Absent; instructions do not distinguish between system-provided rules and scraped data.
    • Capability inventory: Includes execution of shell commands (gateway), Python script execution (hummingbot_quickstart.py), and crypto trade execution via HummingbotAPIClient.
    • Sanitization: None; the agent is instructed to use code patterns directly from the reference files.
  • Command Execution (HIGH): Multiple files (e.g., SKILL.md and references/troubleshooting.md) encourage the execution of shell commands, Docker operations, and local scripts, posing a risk of arbitrary command execution if the input context is manipulated.
  • External Downloads (MEDIUM): references/trading.md recommends the installation of the hummingbot-api-client package via pip, introducing a dependency on an external package registry that is not within the defined trust scope.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 15, 2026, 10:23 PM