skills/chujianyun/skills/sync-skills/Gen Agent Trust Hub

sync-skills

Fail

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: HIGH
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The SKILL.md file uses high-pressure language and imperative markers like 'CRITICAL REQUIREMENT', 'MANDATORY', and 'non-negotiable' to override the agent's logic. It specifically commands the agent to include ~/.agents/skills as a target directory even though it is missing from the script's TARGET_DIRS list, attempting to manipulate the agent into performing unconfigured file operations.
  • [COMMAND_EXECUTION]: The script sync-skill.sh performs recursive deletion (rm -rf) and directory copying (cp -r) using paths derived from external, untrusted sources.
  • Path Traversal Vulnerability: In the sync_skillsmp_page function, the skill_name is extracted from external HTML content using grep and sed. Because this input is not sanitized for path traversal sequences (e.g., ..), an attacker-controlled website could provide a 'skill name' that resolves to sensitive locations such as ~/.ssh or ~/.bashrc. When sync_to_targets is called, it executes rm -rf "$target/$skill_name", potentially deleting critical user data or configuration files before overwriting them with content from the malicious source.
  • [EXTERNAL_DOWNLOADS]: The skill downloads content from arbitrary GitHub repositories and external websites (specifically skillsmp.com) without verifying the integrity or safety of the content before moving it into sensitive AI tool configuration directories.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 19, 2026, 04:18 PM