sysadmin-toolbox

Warn

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The script scripts/refresh.sh performs a git clone from the external repository https://github.com/trimstray/the-book-of-secret-knowledge.git. This process automatically updates the skill's reference files by overwriting local markdown files with content fetched from the remote source.
  • [COMMAND_EXECUTION]: The provided reference files (references/shell-oneliners.md and references/security-tools.md) contain numerous high-risk shell commands and tool references, including:
      • Backdoors and Reverse Shells: Commands such as nc -l 5000 -e /bin/bash and raw bash socket redirection (/dev/tcp/) for establishing remote shells.
      • Persistence Mechanisms: Instructions for modifying /etc/profile to execute scripts upon user logout using shell traps.
      • Privilege Escalation: Extensive use of sudo and commands to modify system permissions (chmod, setfacl).
      • Credential Sniffing: tcpdump patterns designed to capture plaintext passwords and usernames from network traffic.
      • Anti-Forensics: Commands to exit shells without saving history or to sterilize bash history files.
  • [PROMPT_INJECTION]: The skill exhibits a significant attack surface for Indirect Prompt Injection (Category 8).
      • Ingestion points: scripts/refresh.sh ingests data from a third-party GitHub repository not included in the trusted vendors list.
      • Boundary markers: There are no explicit instructions or delimiters within the skill to prevent the agent from interpreting instructions found within the downloaded markdown as authoritative commands.
      • Capability inventory: The agent is explicitly instructed to 'AUTO-CONSULT' this skill for a wide range of administrative and security tasks, giving it the context to suggest or potentially execute the provided dangerous commands.
      • Sanitization: No validation or sanitization of the downloaded markdown content is performed before it is integrated into the skill's reference library.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 5, 2026, 07:57 AM