posting-to-atproto

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Tags: CREDENTIALS_UNSAFE, DATA_EXFILTRATION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [Data Exposure & Exfiltration] (MEDIUM): The script scripts/publish-greengale.py accepts a --file argument, reads the named file into memory and uploads its contents to an external server (the PDS). Whatever path --file names is read and published, so an attacker who can influence the agent's arguments could have it read and publish sensitive local files such as SSH private keys or environment configuration files.
  • [Credentials Unsafe] (LOW): The skill authenticates to ATProto using credentials such as ATPROTO_APP_PASSWORD read from environment variables. This is necessary for the protocol, but the values are sensitive secrets and must be handled as such.
  • [Indirect Prompt Injection] (LOW): The skill is exposed to indirect injection because it passes untrusted file content through to publication without sanitization.
    1. Ingestion points: the --file and --content arguments of publish-greengale.py.
    2. Boundary markers: absent.
    3. Capability inventory: network POST requests to the external PDS.
    4. Sanitization: only character-count truncation is performed.
  • [Remote Code Execution] (LOW): SKILL.md references a script named tools/thread.py that is not included in the provided files, so its behavior could not be reviewed.
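The mitigation a practitioner would want for the first finding is to confine --file to an allowlisted directory before anything is read. The following is an added example, not code from the audited skill: it resolves the requested path (following symlinks and `..`), refuses anything that does not land inside the allowlisted root, caps the bytes read, and mirrors the script's --file / --content arguments without performing the upload. The `posts_root` directory, the `read_post_file` and `demo` names and the 64 KiB cap are assumptions for this example; the constructed files in `demo` stand in for a post and a private key.

```python
"""Added example (not code from the audited skill): confine a --file argument
to an allowlisted directory before its contents are read and published.
Names such as `posts_root`, `read_post_file` and MAX_POST_BYTES are assumptions.
"""
import argparse
import sys
import tempfile
from pathlib import Path

MAX_POST_BYTES = 64 * 1024  # assumed cap on bytes read from --file


def read_post_file(posts_root: Path, candidate: str) -> str:
    """Return the text of `candidate` only if it is a regular file inside `posts_root`.

    Resolution follows symlinks and normalises `..`, so a symlink planted in the
    posts directory that points at a private key, a `../.env` traversal and an
    absolute path are all rejected with ValueError.
    """
    root = posts_root.resolve(strict=True)
    # For an absolute `candidate`, `root / candidate` is just `candidate`;
    # resolve() then decides whether it actually lies under root.
    target = (root / candidate).resolve()
    try:
        target.relative_to(root)
    except ValueError:
        raise ValueError(f"refusing {candidate!r}: resolves outside {root}") from None
    if not target.is_file():
        raise ValueError(f"refusing {candidate!r}: not a regular file")
    with target.open("rb") as fh:
        data = fh.read(MAX_POST_BYTES + 1)
    if len(data) > MAX_POST_BYTES:
        raise ValueError(f"refusing {candidate!r}: larger than {MAX_POST_BYTES} bytes")
    return data.decode("utf-8")


def demo() -> dict:
    """Exercise the check against constructed files in a temporary directory (POSIX assumed)."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        posts = base / "posts"
        posts.mkdir()
        (posts / "hello.txt").write_text("hello from greengale")
        secret = base / "id_ed25519"  # constructed stand-in for a key outside the root
        secret.write_text("-----BEGIN OPENSSH PRIVATE KEY-----")
        (posts / "innocent.txt").symlink_to(secret)  # planted symlink inside the root

        results = {"allowed": read_post_file(posts, "hello.txt")}
        attempts = {
            "traversal": "../id_ed25519",
            "absolute": str(secret),
            "symlink": "innocent.txt",
        }
        for label, name in attempts.items():
            try:
                read_post_file(posts, name)
                results[label] = "allowed"
            except ValueError:
                results[label] = "rejected"
        return results


def main(argv=None) -> int:
    # Mirrors the audited script's --file / --content arguments; the upload is omitted.
    parser = argparse.ArgumentParser()
    parser.add_argument("--file")
    parser.add_argument("--content")
    parser.add_argument("--posts-root", default="posts", help="allowlisted directory for --file")
    args = parser.parse_args(argv)
    if args.file:
        try:
            text = read_post_file(Path(args.posts_root), args.file)
        except (ValueError, FileNotFoundError) as exc:
            print(f"error: {exc}", file=sys.stderr)
            return 2
    else:
        text = args.content or ""
    print(f"would publish {len(text)} characters")
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

Run `python publish_check.py --file hello.txt --posts-root posts` to see a file inside the root accepted, or `--file ../.env` to see the traversal refused; `demo()` shows the three rejection cases side by side. The key point is that the check is applied to the resolved path, not the string the agent supplied, so a symlink dropped into the allowlisted directory is caught as well.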
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:44 PM