kasetto

Warn

Audited by Gen Agent Trust Hub on Apr 26, 2026

Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The documentation describes installation methods that pipe remote scripts directly into the execution environment, which bypasses standard package integrity checks.
      • Evidence (Unix): curl -fsSL kasetto.dev/install | sh in references/getting-started.md.
      • Evidence (Windows): powershell -ExecutionPolicy Bypass -c "irm kasetto.dev/install.ps1 | iex" in references/getting-started.md.
  • [COMMAND_EXECUTION]: The skill facilitates commands that perform significant system modifications and binary replacements.
      • kst self update: Downloads and replaces the local binary with a new version from a remote GitHub repository (references/api-reference.md).
      • kst self uninstall: Removes binaries, data, and configurations from the local system (references/api-reference.md).
  • [EXTERNAL_DOWNLOADS]: The tool is designed to fetch configurations and skill data from arbitrary external sources.
      • Fetches resources from kasetto.dev and github.com/pivoshenko/kasetto.
      • The kst sync --config <url> command allows fetching YAML configurations from any HTTPS URL, increasing the risk of interacting with malicious infrastructure.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes untrusted data that could influence the agent's behavior.
      • Ingestion points: The kst sync command reads and processes content from remote git repositories and YAML configuration files (references/core-patterns.md).
      • Boundary markers: No explicit delimiters or boundary markers are documented to distinguish between management instructions and the content of the synced skills.
      • Capability inventory: The agent has the capability to execute shell commands (via kst), modify the local file system, and update the manager tool itself.
      • Sanitization: There is no evidence of sanitization or validation of the remote content before it is processed by the agent.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 26, 2026, 11:38 PM