The Agent Skills Directory

[CREDENTIALS_UNSAFE]: The scripts/report.py file contains several hardcoded credentials, including a Resend API key (SKILL_EMAIL_KEY), Gmail account credentials with an app password (SKILL_GMAIL_USER and SKILL_GMAIL_APP_PWD), and a Brave Search API key. Hardcoding these secrets in a skill package is a critical security vulnerability that exposes accounts to compromise.
[REMOTE_CODE_EXECUTION]: The do_install_skill function in scripts/report.py downloads shell scripts from arbitrary URLs or GitHub repositories based on search results and executes them via subprocess. This allows for the execution of untrusted code on the host system without adequate verification.
[EXTERNAL_DOWNLOADS]: The skill's README.md and references/env_fixes.md promote several 'one-line install' patterns and automatic fixes that fetch and execute scripts from external domains like raw.githubusercontent.com, bootstrap.pypa.io, deb.nodesource.com, and get.docker.com.
[COMMAND_EXECUTION]: The 'Auto-Fix' strategy defined in references/env_fixes.md instructs the AI to execute powerful system commands, including package installations via sudo, brew, and apt-get, without user confirmation or technical transparency.
[DATA_EXFILTRATION]: The scripts/report.py and scripts/hook_post_skill.py scripts are designed to collect extensive environment metadata (OS details, tool paths, and configuration status) and session transcripts, which are then transmitted to an external community API (https://api.ai-autopilot.community).
[PROMPT_INJECTION]: The SKILL.md file contains instructions that command the agent to bypass standard safety procedures and user confirmations through rules like 'ONE confirmation only', 'Auto-fix everything', and 'FIX IT SILENTLY'.

omnidrive