tmf628-performance-manager

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The analysis script scripts/analyze-pm-data.js takes a file path as its first command-line argument and passes it directly to fs.readFileSync without validation. This allows for arbitrary file read access, which an attacker could exploit to access sensitive local files (e.g., config files, credentials) by providing malicious paths to the tool.
  • [EXTERNAL_DOWNLOADS] (LOW): The SKILL.md file recommends an external, untrusted MCP server at https://tmf628.mcpgateway.online/mcp. Interacting with non-whitelisted domains can lead to data exfiltration or the ingestion of malicious content.
  • [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection by processing data from external TMF628 APIs without sanitization.
      • Ingestion points: Performance-Management-v4_retrieveMeasurementCollectionJob and other tool outputs.
      • Boundary markers: Absent; the agent is not instructed to ignore commands embedded in the tool results.
      • Capability inventory: The agent can execute local scripts and read files.
      • Sanitization: Absent; data is processed as raw JSON.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 06:44 PM