axiom-sre
Verdict: Warn
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill uses a centralized configuration reader in 'scripts/config' that prints shell environment variable assignments, which most integration scripts (e.g., 'scripts/axiom-api', 'scripts/slack') then execute via 'eval'. Because the evaluated text is derived from a local configuration file, this pattern represents a medium risk if 'config.toml' is tampered with or contains malicious injections.
- DATA_EXFILTRATION (LOW): The 'Org Memory' system (via 'scripts/mem-share' and 'scripts/org-add') allows the agent to configure and push knowledge base content to arbitrary Git repositories. This capability could be abused to exfiltrate sensitive incident data or internal facts stored in the memory system to attacker-controlled repositories.
- PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection as it ingests untrusted data from external platforms without sanitization. Ingestion points: 'scripts/axiom-query' (Axiom logs), 'scripts/slack' (messages), and 'scripts/sentry-api' (Sentry reports). Boundary markers: No specific delimiters or safety instructions separate untrusted content from the agent's instructions. Capability inventory: Includes network access via 'curl', local file writing for memory management, and shell execution. Sanitization: No sanitization or filtering is performed on external data before it is presented to the agent.