call-external-ai
Fail
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: HIGH
Tags: COMMAND_EXECUTION, DATA_EXFILTRATION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill translates natural language requests directly into terminal commands such as `codex exec` or `gemini`, including shell substitutions like `$(cat file.ts)`. Because the request text is handed to a shell, any shell metacharacters in it (command substitution, backticks, `;`, redirections) are interpreted, which allows direct command injection unless the input is strictly controlled.
- [DATA_EXFILTRATION]: The instructions include logic to dump environment variables using `env | rg` and to read local files so their contents can be sent as context to external models. This capability can expose sensitive credentials, project IDs, or private source code to a third-party service.
- [REMOTE_CODE_EXECUTION]: Under 'Self-Healing Behavior', the skill is instructed to automatically run an 'upgrade command' suggested by the CLI tool. Executing commands or updates supplied by an external source without human confirmation is a critical security risk: whoever controls the tool's output controls what gets run.
- [PROMPT_INJECTION]: Because arbitrary user requests are translated into executable bash commands, the skill is highly susceptible to prompt injection, where a user could manipulate the translation step into emitting unintended system-level operations.
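The following is an added example, not code from the audited skill, that reproduces the three mechanisms the findings describe and shows the corresponding hardened form: a request containing `$(...)` spliced into a shell string versus the same request passed as a single argv element, an allowlisted child environment instead of dumping `env`, and CLI-suggested upgrade commands surfaced for human approval instead of being executed. `echo` stands in for the real `codex exec` / `gemini` executables so the block runs offline; the `ALLOWED_TOOLS` table, `ENV_ALLOWLIST`, the `UPGRADE_HINT_RE` pattern and all sample inputs are constructed assumptions.

```python
import os
import re
import subprocess
from typing import Dict, List

# Assumed allowlist: tool name -> argv prefix the skill may execute.
# `echo` stands in for the real CLIs (codex exec, gemini) so this runs offline.
ALLOWED_TOOLS: Dict[str, List[str]] = {
    "codex": ["echo", "codex", "exec"],
    "gemini": ["echo", "gemini"],
}

# Variables the child process may see. An allowlist beats grepping for
# KEY/TOKEN: a credential with an unusual name is never leaked by accident.
ENV_ALLOWLIST = {"PATH", "HOME", "LANG", "TERM"}

# Assumed shape of a CLI output line that suggests a command to run.
UPGRADE_HINT_RE = re.compile(r"run\s+`([^`]+)`", re.IGNORECASE)

# Constructed inputs: a request carrying a shell substitution, a developer
# environment holding a fake credential, and CLI output asking for an upgrade.
MALICIOUS_REQUEST = "summarize this: $(echo INJECTED)"
SAMPLE_PARENT_ENV = {
    "PATH": os.environ.get("PATH", "/usr/bin:/bin"),
    "HOME": "/home/dev",
    "OPENAI_API_KEY": "sk-constructed-not-a-real-key",
    "GCLOUD_PROJECT": "example-project-123",
}
SAMPLE_TOOL_OUTPUT = (
    "error: client is out of date.\n"
    "Please run `npm install -g @example/cli@latest` and retry."
)


def run_unsafe(tool: str, request: str) -> str:
    """The audited pattern: the request is spliced into a shell string.
    /bin/sh evaluates $(...), backticks, ';' and redirections inside it."""
    cmd = " ".join(ALLOWED_TOOLS[tool]) + " " + request
    proc = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return proc.stdout.strip()


def scrub_env(parent_env: Dict[str, str]) -> Dict[str, str]:
    """Keep only allowlisted variables for the child process."""
    return {k: v for k, v in parent_env.items() if k in ENV_ALLOWLIST}


def run_safe(tool: str, request: str, parent_env: Dict[str, str]) -> str:
    """Hardened form: allowlisted executable, request passed as one argv
    element (no shell ever parses it), minimal environment. File context
    should be read by the caller and passed the same way, not via $(cat ...)."""
    if tool not in ALLOWED_TOOLS:
        raise ValueError(f"tool not allowlisted: {tool!r}")
    argv = [*ALLOWED_TOOLS[tool], request]
    proc = subprocess.run(argv, env=scrub_env(parent_env),
                          capture_output=True, text=True)
    return proc.stdout.strip()


def suggested_commands(tool_output: str) -> List[str]:
    """Commands the CLI asks to have run. They are returned for a human to
    approve, never executed automatically (the 'self-healing' upgrade)."""
    return UPGRADE_HINT_RE.findall(tool_output)


def demo() -> dict:
    """Run both paths on the constructed inputs and collect the results."""
    return {
        "unsafe_stdout": run_unsafe("gemini", MALICIOUS_REQUEST),
        "safe_stdout": run_safe("gemini", MALICIOUS_REQUEST, SAMPLE_PARENT_ENV),
        "child_env": scrub_env(SAMPLE_PARENT_ENV),
        "pending_approval": suggested_commands(SAMPLE_TOOL_OUTPUT),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

In the unsafe path the shell expands `$(echo INJECTED)` before the tool ever sees the request, so the stand-in prints `INJECTED`; in the argv path the same text reaches the tool verbatim. The environment is built from an allowlist rather than filtered with a pattern such as `env | rg`, because a denylist only catches the names someone thought of. The upgrade hint is returned as data, which is the boundary that the audited skill's 'Self-Healing Behavior' removes.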
Recommendations
- AI detected serious security threats
Audit Metadata