The Agent Skills Directory

[REMOTE_CODE_EXECUTION]: The skill instructs the user to install the Google Apps Manager (GAM) tool using a shell pipe execution pattern (bash <(curl ...)) from an untrusted domain. This method allows the execution of remote scripts with full user privileges without prior inspection.
Evidence: 'bash <(curl -s -S -L https://gam-shortn.appspot.com/gam-install)' in SKILL.md.
[CREDENTIALS_UNSAFE]: The documentation contains multiple instances of hardcoded passwords within example commands. Using static literal values for credentials increases the risk of accidental exposure during deployment or use.
Evidence: '"password": { "value": "TempP@ss123!" }' in Okta user creation example.
Evidence: '--password "TempP@ss123!"' in Azure AD user creation command.
[COMMAND_EXECUTION]: The skill makes extensive use of powerful system tools including curl, az, aws, and gh to perform sensitive administrative operations. This broad command execution surface is risky if inputs or scripts are compromised.
Evidence: Numerous examples using CLI tools to modify organizational policies, revoke access, and manage user accounts.
[EXTERNAL_DOWNLOADS]: The skill downloads software and configurations from external sources that are not recognized as trusted vendors or well-known services.
Evidence: Installation of GAM from the gam-shortn.appspot.com domain.
[PROMPT_INJECTION]: The skill provides a surface for indirect prompt injection by processing external CSV files for high-privilege administrative tasks without providing sanitization or boundary markers.
Ingestion points: 'gam csv users.csv' in SKILL.md.
Boundary markers: Absent; the skill does not instruct the agent to distinguish between data and potential commands within the CSV fields.
Capability inventory: Includes user creation, role assignment, and password management across Workspace, Okta, and Azure.
Sanitization: Absent; there is no validation or escaping of CSV data before it is interpolated into administrative shell commands.

identity-access-management