matrix-server-management
Warn
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: MEDIUM (DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [DATA_EXFILTRATION]: The skill instructions in 'references/api-reference.md' provide a command to upload local files to the Matrix server using 'curl --data-binary @/path/to/file'. This enables an agent to read any file on the local system and transmit it to an external server. While intended for administrative file sharing, it serves as a powerful primitive for data exfiltration if the agent is manipulated into reading sensitive files like SSH keys or environment configurations.
- [COMMAND_EXECUTION]: The skill uses shell commands ('curl') for its operations, incorporating user-provided placeholders such as , , and . This pattern creates a potential surface for command injection or unintended file system access if the inputs are not properly sanitized by the underlying platform.
- [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection due to how it handles external data. An attacker could send a message in a Matrix room that, when read by the agent, triggers unauthorized actions or data leakage.
  - Ingestion points: Matrix room messages are fetched using the endpoint in 'references/api-reference.md'.
  - Boundary markers: Absent; there are no instructions to the agent to treat fetched message content as untrusted data or to use delimiters.
  - Capability inventory: The skill allows for network operations (curl), administrative API interactions, and local file reads (upload functionality).
  - Sanitization: No validation or sanitization of message content is mentioned.