powershell-7-expert

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The ps7_wrapper.ts utility constructs shell commands for pwsh by concatenating user-provided parameters into an argument array. While child_process.spawn is used, the lack of comprehensive shell-specific escaping for scalar values (strings, booleans) when passed to the PowerShell environment could allow for argument injection. Furthermore, the class allows for a dynamic scriptPath to be provided in the constructor, which facilitates dynamic execution from computed paths, a MEDIUM severity finding.
  • [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection.
      1. Ingestion points: External data enters the context via API responses in rest_api_consumer.ps1 and via module file parsing in publish_to_gallery.ps1.
      2. Boundary markers: Absent. There are no delimiters or specific instructions to the agent to treat this data as untrusted.
      3. Capability inventory: The skill can execute arbitrary PowerShell commands, make outbound network requests, and write to the file system (via DSC or module publishing).
      4. Sanitization: Minimal. The wrapper script performs basic JSON escaping for object types but does not sanitize simple string parameters.
  • [SAFE] (SAFE): The rest_api_consumer.ps1 script contains a SkipCertificateCheck parameter. Enabling this flag disables SSL/TLS certificate validation, making the agent vulnerable to man-in-the-middle (MITM) attacks during REST API interactions.
  • [EXTERNAL_DOWNLOADS] (LOW): Documentation in ps7_quickstart.md provides instructions for downloading PowerShell installers from GitHub. Since GitHub is a Trusted Source, this download pattern is downgraded to LOW severity.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 05:11 PM