powershell-security-hardening

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION
Full Analysis
  • Privilege Escalation (MEDIUM): The wrapper includes methods to modify sensitive system-wide settings such as the PowerShell Execution Policy and Language Mode. The capability to set policies to 'Bypass' or 'Unrestricted' is a significant privilege modification. Severity is adjusted from HIGH to MEDIUM due to the primary administrative purpose of the skill.
  • Command Execution (MEDIUM): The implementation uses child_process.spawn to invoke powershell.exe. Parameters are dynamically appended to the argument list. Although basic stringification is applied, the lack of a strict whitelist for sensitive parameters like 'scope' or 'policy' poses a risk of command manipulation if the target scripts do not perform their own validation.
  • Indirect Prompt Injection (LOW): The skill defines a large attack surface where untrusted user-provided data can influence system-level configuration changes. Evidence Chain:
    1. Ingestion points: All parameters in methods within security_hardening_wrapper.ts.
    2. Boundary markers: Absent; no delimiters or 'ignore' instructions are used for parameters.
    3. Capability inventory: High-privilege system access via PowerShell spawn.
    4. Sanitization: None; parameters are converted to strings without validation against allowed values.
  • Dynamic Execution (MEDIUM): Methods such as getExecutionPolicy construct PowerShell command strings using template literals and pass them to an execution wrapper. While the wrapper currently treats these as filenames (likely causing a logic error), the pattern of assembling executable strings from input is a risk.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 05:32 PM