The Agent Skills Directory

[REMOTE_CODE_EXECUTION]: The skill encourages the use of highly insecure installation patterns, specifically piping remote scripts directly from the internet into a shell interpreter. This allows for arbitrary code execution from the 'lbjlaq' GitHub repository.
Evidence: curl -fsSL https://raw.githubusercontent.com/lbjlaq/Antigravity-Manager/v4.1.30/install.sh | bash and irm https://raw.githubusercontent.com/lbjlaq/Antigravity-Manager/main/install.ps1 | iex.
[COMMAND_EXECUTION]: The instructions include commands that modify system-level security attributes and install global packages with elevated privileges.
Evidence: sudo apt install libwebkit2gtk-4.1-dev, xattr -d com.apple.quarantine, and cargo install tauri-cli.
[CREDENTIALS_UNSAFE]: The skill's primary function is to manage sensitive web session tokens and API keys. It stores these in a local JSON file (~/.antigravity_tools/gui_config.json) and provides instructions to retrieve them in plain text using grep.
[EXTERNAL_DOWNLOADS]: The skill fetches various scripts, binaries, and Docker images from unverified third-party sources, including the lbjlaq account on GitHub and Docker Hub.
[PROMPT_INJECTION]: As an API proxy, the skill possesses an indirect injection surface. It ingests untrusted data through its API endpoints (e.g., /v1/chat/completions) and forwards them to upstream AI providers. There are no documented boundary markers or sanitization procedures to prevent malicious instructions embedded in the proxied data from influencing the agent or the downstream services.

antigravity-manager