The Agent Skills Directory

[Dynamic Execution] (MEDIUM): The skill relies on proxychains4, which utilizes the LD_PRELOAD environment variable to intercept and redirect network system calls at runtime. Although this is standard for the tool's operation, it involves injecting code into other processes to modify their network behavior, a technique with high security implications.
[Indirect Prompt Injection] (LOW): The skill implements automated logic to retry commands with a proxy when network errors are detected (Category 8c).
Ingestion points: Command output and error messages (timeout, connection refused) from network tools like curl, git, and pip as specified in SKILL.md.
Boundary markers: Absent; the agent is not instructed to sanitize or ignore instructions embedded within these error strings.
Capability inventory: File system access (mkdir, cat, chmod), package installation via sudo apt, and various network command executions through proxychains4.
Sanitization: Absent; the agent directly interprets command-line error output to trigger subsequent actions.
[Command Execution] (LOW): The scripts/setup-proxy.sh script and references/troubleshooting.md suggest the use of sudo for tool installation and perform file system modifications (e.g., writing to ~/.proxychains/proxychains.conf). These actions are transparent but require careful user supervision.
[Data Exposure & Exfiltration] (SAFE): The skill defaults to a local proxy at 127.0.0.1:9910. Network connectivity tests are performed against google.com and ipinfo.io. While these are non-whitelisted domains, the operations are standard connectivity checks and do not involve sensitive data exfiltration.

proxychains