dreamina-batch-management

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • PROMPT_INJECTION (HIGH): The skill contains explicit instructions to bypass safety checks, stating that commands should be "directly executed" and "without user confirmation" (无需用户确认). This is a direct violation of safety guidelines designed to prevent autonomous execution of sensitive operations.
  • COMMAND_EXECUTION (MEDIUM): The workflow relies on the execution of shell commands like mkdir and curl. While these are functional for the task, the instruction to automate them without oversight increases the risk of command injection if parameters are not properly sanitized.
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill automates the downloading of files via curl. Without a confirmation step, the agent could be manipulated into downloading malicious payloads or interacting with attacker-controlled endpoints.
  • DATA_EXFILTRATION (LOW): Although no explicit exfiltration is present, the ability to run curl without confirmation provides a primitive that could be exploited to transmit local data to external servers.
  • INDIRECT PROMPT INJECTION (LOW): The skill processes external data (API responses and user prompts) and uses them to construct shell commands. Evidence:
    1. Ingestion points: user prompts and API polling results
    2. Boundary markers: absent
    3. Capability inventory: curl, mkdir, and file writing
    4. Sanitization: not specified
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 06:34 PM