skills/aibtcdev/skills/credentials/Gen Agent Trust Hub

credentials

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
CREDENTIALS_UNSAFE, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill's CLI implementation requires sensitive information, including the master password and plaintext secret values, to be provided as command-line arguments (e.g., --password, --value). This exposure is a security anti-pattern as arguments are often visible to other processes on the system and may be recorded in shell history files.
  • [DATA_EXFILTRATION]: The skill manages a sensitive local database at ~/.aibtc/credentials.json. Although the implementation correctly uses AES-256-GCM for encryption and sets appropriate file permissions (0o600), the centralized storage of multiple secrets creates a high-value target for local data exposure if the host environment is compromised.
  • [PROMPT_INJECTION]: The skill ingests untrusted user input for fields such as label, category, and the secret value. This presents an indirect prompt injection surface; if an agent subsequently retrieves and incorporates this metadata into a prompt for another model without strict sanitization, it could influence or hijack the agent's behavior.
      • Ingestion points: User-provided arguments for add and get commands in credentials.ts.
      • Boundary markers: None implemented for the stored metadata fields.
      • Capability inventory: File system read/write operations in store.ts.
      • Sanitization: ID normalization is implemented, but no sanitization is performed on the label or category fields.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 10, 2026, 11:13 PM