Self-Service Tooling

Fail

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: HIGH
Findings: DATA_EXFILTRATION, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [DATA_EXFILTRATION]: The "Safe Query Executor" feature allows the agent to execute arbitrary SELECT SQL queries. While restricted to read-only operations, this capability permits the complete extraction of sensitive information from any accessible database table.
  • [DATA_EXFILTRATION]: The API management interface includes an endpoint testing tool that can send arbitrary HTTP requests (GET, POST, PUT, DELETE) to any URL with custom headers and bodies. This represents a significant SSRF risk and a potential vector for exfiltrating data to external servers.
  • [COMMAND_EXECUTION]: The troubleshooting script (scripts/automated_troubleshooting.sh) accesses sensitive system log files (/var/log/syslog) and checks for the presence of high-value environment variables such as ANTHROPIC_API_KEY and DATABASE_URL.
  • [REMOTE_CODE_EXECUTION]: The skill includes functionality to programmatically update Python and Node.js dependencies and apply security fixes at runtime, which involves downloading and executing third-party code from external registries.
  • [REMOTE_CODE_EXECUTION]: The scripts/generate_admin_interface.py script employs dynamic code generation to create and write new Python files (admin_dashboard.py) to the local filesystem.
  • [COMMAND_EXECUTION]: The implementation documentation encourages users to establish persistence via crontab for automated maintenance, which could be misused to execute malicious commands on a recurring schedule.
  • [EXTERNAL_DOWNLOADS]: The automated troubleshooting script performs network connectivity checks to several well-known external API services, including Anthropic, OpenAI, and Railway.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 9, 2026, 05:34 PM