skill-share
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- DATA_EXFILTRATION (MEDIUM): The skill leverages functionality to bundle local files into a ZIP archive and transmit them to Slack via the Rube integration. This capability could be exploited to exfiltrate sensitive local data (e.g., credentials, private keys) if the agent is tricked into 'packaging' directories containing sensitive information under the guise of skill assets.
- COMMAND_EXECUTION (LOW): The skill requires Python 3.7+ and involves generating and 'validating' scripts. This automated validation likely entails executing generated code or system utilities, which represents a dynamic execution surface.
- PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection through its ingestion of untrusted user-provided skill names and descriptions.
  - Ingestion points: Metadata fields during skill initialization in SKILL.md.
  - Boundary markers: None documented to distinguish user data from instructions.
  - Capability inventory: File system write, directory creation, ZIP packaging, and Slack network transmission.
  - Sanitization: No explicit sanitization or escaping of user input before it is written to scripts or posted to Slack blocks.