dotfile-systems-architect
Warn
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: MEDIUM
Flags: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill guides the management and relocation of highly sensitive files, including SSH private keys (~/.ssh/id_*), AWS credentials (~/.aws/credentials), and GnuPG data (~/.gnupg). While the documentation provides instructions for using encryption and exclusion files, automated handling of these secrets by an agent is a significant security risk.
- [COMMAND_EXECUTION]: The primary function of the skill is to modify shell initialization files (~/.zshenv, ~/.zshrc, ~/.bashrc) and the file system layout via shell commands. Modifying user-specific or system-wide shell profiles is a standard persistence mechanism that could be abused if malicious commands are introduced. The skill also relies on shell sourcing for modular configurations, which executes code at runtime.
- [DATA_EXFILTRATION]: The skill encourages users to synchronize their configuration directory with remote Git repositories. This workflow risks exfiltrating sensitive data if secrets are not correctly excluded via ignore files or encryption.
- [REMOTE_CODE_EXECUTION]: The documentation suggests installing external utilities such as chezmoi and Oh My Zsh by piping a downloaded script into a shell (curl | sh). While the sources are well-known, executing remote scripts is an inherently risky pattern. These instances are documented neutrally because they originate from well-known sources.
- [PROMPT_INJECTION]: The skill architecture relies on processing and sourcing user-controlled configuration files (ingestion points: ~/.zshenv, ~/.zshrc, .envrc), which creates a surface for indirect prompt injection. The skill lacks boundary markers or sanitization to prevent execution of malicious instructions embedded in these files. The agent's capability to execute shell commands (capability inventory: mv, rm, ln, git, chmod) could be exploited if an attacker influences the content of these processed files.
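As an added example (not part of the audited skill or of this audit), the following Python check demonstrates the exclusion test that the CREDENTIALS_UNSAFE and DATA_EXFILTRATION findings call for: given the files a dotfiles sync would commit and the ignore rules in effect, it flags the sensitive paths named above and secret-looking content in otherwise benign shell files such as ~/.zshenv. The file tree, ignore rules and content signatures are constructed here; the ignore matching is a simplified approximation of .gitignore/.chezmoiignore semantics, not a reimplementation of either tool.

```python
"""Pre-sync check for a dotfiles tree: report files that would be pushed to a
remote Git repository even though they hold secrets. Constructed example."""
import fnmatch
import re

# Paths from the audit findings, relative to the dotfiles root (assumed to
# mirror $HOME). The id_* pattern deliberately also catches the .pub siblings.
SENSITIVE_PATHS = [
    re.compile(r"^\.ssh/id_[^/]+$"),      # SSH private keys
    re.compile(r"^\.aws/credentials$"),   # AWS long-lived credentials
    re.compile(r"^\.gnupg(/|$)"),         # GnuPG keyrings and trust database
]

# Heuristic content signatures for secrets copied into files that are not
# themselves secret stores (e.g. an export in ~/.zshenv or a token in .envrc).
SECRET_CONTENT = [
    ("PEM private key", re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")),
    ("AWS access key ID", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("secret assignment",
     re.compile(r"(?i)(?:secret|token|password|api_?key)[A-Z_]*\s*=\s*"
                r"[\"']?[A-Za-z0-9/+=_-]{16,}")),
]


def is_ignored(path, ignore_rules):
    """Simplified ignore matching (assumption): each rule is a glob relative
    to the dotfiles root; a trailing '/' names a directory subtree."""
    for rule in ignore_rules:
        rule = rule.strip()
        if not rule or rule.startswith("#"):
            continue
        if rule.endswith("/"):
            if path == rule.rstrip("/") or path.startswith(rule):
                return True
        elif fnmatch.fnmatch(path, rule):
            return True
    return False


def classify(path, content):
    """Return the reasons a file looks like a secret (empty list if clean)."""
    reasons = []
    for pat in SENSITIVE_PATHS:
        if pat.search(path):
            reasons.append("sensitive path")
            break
    for name, pat in SECRET_CONTENT:
        if pat.search(content):
            reasons.append(f"secret-looking content: {name}")
    return reasons


def audit_sync(files, ignore_rules):
    """files: {relative_path: text}. Returns [(path, reasons)] for every file
    that is NOT excluded by the ignore rules yet looks like a secret."""
    findings = []
    for path, content in sorted(files.items()):
        if is_ignored(path, ignore_rules):
            continue
        reasons = classify(path, content)
        if reasons:
            findings.append((path, reasons))
    return findings


# Constructed sample tree; the key material is the well-known AWS
# documentation placeholder, not a real credential.
SAMPLE_TREE = {
    ".zshrc": "export EDITOR=vim\nsource ~/.config/zsh/aliases.zsh\n",
    ".zshenv": 'export AWS_SECRET_ACCESS_KEY="wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"\n',
    ".ssh/id_ed25519": "-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXkt\n"
                       "-----END OPENSSH PRIVATE KEY-----\n",
    ".ssh/config": "Host *\n  AddKeysToAgent yes\n",
    ".aws/credentials": "[default]\naws_access_key_id = AKIAIOSFODNN7EXAMPLE\n",
    ".gnupg/pubring.kbx": "<binary keyring>",
}
# Ignore rules that cover the keys and keyring but forget ~/.aws/credentials
# and the secret exported from ~/.zshenv.
SAMPLE_IGNORE = [".ssh/id_*", ".gnupg/"]

if __name__ == "__main__":
    for path, reasons in audit_sync(SAMPLE_TREE, SAMPLE_IGNORE):
        print(f"{path}: {', '.join(reasons)}")
```

Running it reports .aws/credentials (sensitive path plus an AWS access key ID in the content) and .zshenv (a secret assignment); the ignored SSH key and GnuPG keyring are skipped, and .zshrc and .ssh/config are clean. A practitioner would wire this into a pre-commit hook on the dotfiles repository and treat any finding as a blocker, since once a secret is pushed, rotating it is the only real remedy.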
Audit Metadata