The Agent Skills Directory

[COMMAND_EXECUTION] (MEDIUM): Scripts such as scripts/common.sh and scripts/top_requests.sh load environment variables by sourcing the config/.env file using the source or . command. The scripts/get_token.sh script populates this file with user-provided tokens without input validation. This creates a vector for command injection: a malicious string like $(reboot) provided as a token would be executed in the shell context whenever any of the API scripts are run.\n- [REMOTE_CODE_EXECUTION] (MEDIUM): The script scripts/query_total.sh attempts to execute an external file named missed_demand.py using the uv tool. This Python script is not included in the provided skill package, making its logic and dependencies unverifiable and potentially unsafe.\n- [DATA_EXFILTRATION] (LOW): The skill transmits the user's API token and search phrases to api.direct.yandex.com and api.wordstat.yandex.net. While these network operations are core to the skill's purpose, they target non-whitelisted external domains.\n- [PROMPT_INJECTION] (LOW): The skill processes untrusted search queries via the --phrase argument and interpolates them into JSON payloads for network requests. Although it implements basic character escaping, the lack of robust sanitization poses a risk for indirect prompt injection if the API responses are processed by an agent. Ingestion: --phrase command-line argument; Boundary markers: JSON object delimiters; Capability inventory: curl network requests and uv execution; Sanitization: json_escape function in scripts/common.sh.

yandex-wordstat