skills/apollographql/skills/rover/Gen Agent Trust Hub

rover

Fail

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • REMOTE_CODE_EXECUTION (CRITICAL): The skill recommends installing the Rover CLI using piped remote execution patterns. This involves downloading a script from an untrusted external domain and executing it directly in the shell without any verification or integrity checks.
      • Evidence: Found in SKILL.md and references/configuration.md as curl -sSL https://rover.apollo.dev/nix/latest | sh and iwr 'https://rover.apollo.dev/win/latest' | iex.
  • EXTERNAL_DOWNLOADS (HIGH): The skill encourages the installation of binaries and scripts from rover.apollo.dev. Because this domain is not on the trusted organizations list, downloading and executing content from it is considered high-risk.
  • COMMAND_EXECUTION (MEDIUM): The skill instructions include granting execution permissions to downloaded binaries via chmod +x. Modifying file permissions on externally sourced files is a sensitive action that elevates the impact of potentially malicious downloads.
      • Evidence: Mentioned in references/configuration.md as chmod +x ~/.rover/bin/rover.
  • CREDENTIALS_UNSAFE (LOW): The skill's primary function requires the use of an APOLLO_KEY. While the documentation follows best practices by recommending environment variables, the management of these secrets in an AI agent context increases the surface area for accidental leakage or exfiltration.
  • PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection (Category 8) due to its data processing behavior.
      • Ingestion points: Untrusted schema data enters the context via rover subgraph introspect (network) and schema: file: (local filesystem).
      • Boundary markers: Absent; there are no delimiters or instructions to ignore embedded prompts within the fetched schemas.
      • Capability inventory: The skill possesses extensive capabilities including Bash command execution and file writing (Write, Edit).
      • Sanitization: No sanitization or schema validation is performed on external content before it is processed by the agent.
Recommendations
  • HIGH: Downloads and executes remote code from: https://rover.apollo.dev/nix/latest - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
  • Risk Level: CRITICAL
  • Analyzed: Feb 20, 2026, 09:16 PM