yandex-metrika

Fail

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: HIGH
COMMAND_EXECUTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes multiple shell scripts that process user-supplied arguments. A path traversal vulnerability exists in the cache_dir_for_counter function within scripts/common.sh. The --counter argument is used to build file system paths without sanitization (e.g., _cdc_dir="$CACHE_DIR/counter_$1"), which can be exploited to create directories and write files (CSV reports) to arbitrary locations on the file system relative to the skill's root directory or via absolute paths.
  • [CREDENTIALS_UNSAFE]: The skill requires a YANDEX_METRIKA_TOKEN to be stored in a config/.env file. Documentation guides users on how to obtain this OAuth token from Yandex. Handling long-lived sensitive tokens in plain-text configuration files is a standard but high-risk practice that requires careful environment management.
  • [EXTERNAL_DOWNLOADS]: The skill makes automated network requests to official Yandex API endpoints (api-metrika.yandex.net, oauth.yandex.ru) using curl. These downloads are necessary for fetching analytics data and managing session authentication but involve the transmission of sensitive OAuth headers.
  • [PROMPT_INJECTION]: The skill ingests data from an external API (Yandex Metrika) and presents it to the agent, creating a surface for indirect prompt injection.
      • Ingestion points: API responses processed in counters.sh, goals.sh, and other reporting scripts.
      • Boundary markers: No explicit delimiters are used to separate API data from instructions.
      • Capability inventory: The skill possesses file-writing capabilities and network access.
      • Sanitization: Minimal sanitization is performed on data retrieved from the API before it is displayed or cached.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 25, 2026, 08:31 AM