The Agent Skills Directory

[REMOTE_CODE_EXECUTION]: The skill instructs users to install the tool by downloading a shell script from an untrusted remote URL (https://raw.githubusercontent.com/pranshuparmar/witr/main/install.sh) and piping it directly into bash. This pattern executes unverified code with the privileges of the current user.
[REMOTE_CODE_EXECUTION]: On Windows, the skill recommends using Invoke-RestMethod (irm) to fetch a PowerShell script from a third-party source (https://raw.githubusercontent.com/pranshuparmar/witr/main/install.ps1) and piping it to Invoke-Expression (iex), which executes remote code without prior inspection.
[COMMAND_EXECUTION]: The installation instructions for Alpine Linux suggest using 'sudo apk add --allow-untrusted ./witr-*.apk'. This command requires root privileges and explicitly bypasses package signature verification, creating a high risk of installing malicious system-level software.
[EXTERNAL_DOWNLOADS]: The skill references multiple external download sources for the 'witr' binary from a third-party GitHub repository (pranshuparmar/witr) that is not associated with the skill author or a trusted vendor organization.
[COMMAND_EXECUTION]: The documentation frequently suggests running the tool with 'sudo' (e.g., 'sudo witr ') to access system-level process information, which increases the potential impact of any vulnerabilities within the third-party binary.
[PROMPT_INJECTION]: The skill creates an indirect prompt injection surface because it processes and presents untrusted system data (process names, command lines, environment metadata) to the agent.
Ingestion points: System process metadata and causality chains retrieved by the 'witr' command in SKILL.md.
Boundary markers: None present; the agent is not instructed to treat the tool's output as potentially malicious or untrusted.
Capability inventory: Execution of the 'witr' binary with potential sudo privileges.
Sanitization: No sanitization or validation of external process data is described.

witr-process-inspector