skills/build000r/skills/ssh-info/Gen Agent Trust Hub

ssh-info

Warn

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION

Full Analysis
  • [COMMAND_EXECUTION]: The scripts/status.sh script is vulnerable to command injection via its configuration ingestion point (overlay.yaml). It lacks boundary markers and sanitization when interpolating variables like $container and $url into shell commands executed via bash -lc or ssh. Its capability inventory includes arbitrary shell and remote command execution.
  • [REMOTE_CODE_EXECUTION]: The skill's primary purpose is to execute commands on remote servers using ssh based on user-defined targets and keys. This provides a remote code execution capability on the infrastructure defined in the client overlay.
  • [EXTERNAL_DOWNLOADS]: The skill executes scripts from shared and platform-specific paths outside its own directory, specifically _shared/scripts/resolve_context.py and management tools located in ~/.claude/skills/skill-issue/scripts/.
  • [DATA_EXFILTRATION]: The skill uses curl to access health check URLs defined in the local configuration. This surface allows for potential data exfiltration or SSRF if the configuration is pointed to a malicious external endpoint.

Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 10, 2026, 08:11 PM