service-registry

Warn

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides an infrastructure for executing external CLI tools such as Gemini and Qwen using subprocess.run within the execute_safely function in modules/execution-patterns.md.
  • [REMOTE_CODE_EXECUTION]: In modules/execution-patterns.md, the build_command function constructs shell commands by interpolating variables including prompt and files into string templates. This dynamic assembly of executable content is vulnerable to command injection if input values are not strictly validated before being passed to the shell environment.
  • [DATA_EXFILTRATION]: The configuration schema defined in modules/service-config.md explicitly manages sensitive credentials like GEMINI_API_KEY and QWEN_API_KEY via environment variables. The presence of a command execution engine that accepts user-controlled strings provides a vector for an attacker to read and exfiltrate these secrets.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface where malicious data could influence system-level actions.
  • Ingestion points: Untrusted data enters the system through the prompt and files parameters in the execute and build_command functions.
  • Boundary markers: The provided command templates lack explicit delimiters or instructions to isolate user input from the command structure.
  • Capability inventory: The skill maintains the capability to execute shell commands via subprocess.run through the registry.
  • Sanitization: While the code uses shlex.split to tokenize command strings, it lacks high-level validation or sanitization of inputs before they are interpolated into the executable template.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 13, 2026, 11:26 PM