search

Fail

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: HIGH | COMMAND_EXECUTION | PROMPT_INJECTION | SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The scripts/search.sh script is vulnerable to arbitrary shell command execution through the CURSOR argument.
      • Evidence: The script uses the CURSOR variable (assigned from the second command-line argument) directly inside a bash arithmetic expansion: START=$((CURSOR * 10)).
      • Vulnerability: In Bash, arithmetic expansions ($((...))) perform shell expansion on their contents before evaluation. If a user or an agent provides a value such as $(id) for the cursor, the shell will execute the subshell command.
      • Mitigation: The script should validate that the CURSOR input consists only of numeric digits before performing arithmetic operations.
  • [PROMPT_INJECTION]: The skill processes untrusted data from external search results, which can be leveraged to exploit the command execution vulnerability via indirect prompt injection.
      • Ingestion points: Search results containing untrusted text from the web are fetched in scripts/search.sh via the Bright Data API.
      • Boundary markers: While the output is structured as JSON, there are no delimiters or instructions to prevent the agent from interpreting text within the title or description fields as new commands.
      • Capability inventory: The skill possesses the capability to execute shell commands through the vulnerable scripts/search.sh script.
      • Sanitization: No input validation is performed on the CURSOR argument to ensure it is a safe integer value.
  • [SAFE]: The skill follows security best practices for credential management by requiring API keys to be provided via environment variables rather than hardcoding them.
  • [SAFE]: The search query is correctly handled using jq's URI encoding functionality to prevent injection into the search URL.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Apr 20, 2026, 05:49 AM