NYC

cowork-plugin-customizer

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • PROMPT_INJECTION (LOW): Vulnerable to Indirect Prompt Injection. The skill reads external plugin files from mnt/.plugins to find placeholders. If these files contain malicious instructions, they could influence agent behavior.
    • Ingestion points: Plugin source files in mnt/.local-plugins and mnt/.plugins.
    • Boundary markers: Absent. No specific instructions to ignore malicious content within placeholders.
    • Capability inventory: Shell command execution (find, grep, zip, cp), search across sensitive organizational data via MCPs, and modifying configuration files.
    • Sanitization: Absent. Content from files is used directly for replacement or presented to the user.
  • DATA_EXFILTRATION (SAFE): The skill intentionally accesses sensitive data (Slack, Email, Documents) via 'knowledge MCPs' to perform its function. However, no evidence of exfiltration to unauthorized external domains was found.
  • COMMAND_EXECUTION (SAFE): Uses standard Unix utilities (find, grep, zip, cp) for file management. The scope is limited to local directories and temporary storage.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 05:15 PM