researching-codebases

Warn

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: MEDIUM (DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • DATA_EXFILTRATION (MEDIUM): The web-searcher agent configuration (agents/web-searcher.md) requests both read and webfetch permissions. Since this agent is specifically designed to ingest and process untrusted content from the web, this tool combination allows an attacker to use indirect prompt injection to read sensitive local files and exfiltrate them to an external server.
  • COMMAND_EXECUTION (MEDIUM): The promote-research.py script (scripts/promote-research.py) is vulnerable to path traversal because it concatenates the user-provided filename argument directly into file paths without sanitization. This allows an attacker to manipulate the agent into reading or moving files from arbitrary locations on the system.
  • PROMPT_INJECTION (LOW): The skill is highly vulnerable to Indirect Prompt Injection (Category 8) because it ingests data from external websites and codebase files without using boundary markers, sanitization, or instructions to ignore embedded commands.
  • DATA_EXFILTRATION (LOW): The gather-metadata.py script is designed to collect and output system environment details, including working directories and repository URLs, which could be used for reconnaissance if the agent is compromised.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 19, 2026, 11:27 PM