rotate-api-keys

Fail

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: HIGH (COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill constructs shell commands using find, sed, and grep where user-provided inputs like {{OLD_KEY}} and {{NEW_KEY}} are directly interpolated. The sed command uses | as a delimiter, which can be easily broken if an input key contains that character, potentially leading to arbitrary command execution or unexpected file corruption.
  • [CREDENTIALS_UNSAFE]: The skill explicitly targets and modifies highly sensitive files such as .env and keys.json across common project paths and the home directory. It requires the user to input API keys as plain text, increasing the risk of credential exposure within the agent's environment or history.
  • [PROMPT_INJECTION]: The skill's procedure involves reading and processing data from *.log files, which provides an attack surface for indirect prompt injection. An attacker who can write to application logs could embed instructions that the agent might inadvertently follow during the 'verify' or 'report' stages.
    1. Ingestion points: Reads from *.env, keys.json, and *.log in SKILL.md (Procedure steps 2 and 4).
    2. Boundary markers: No delimiters or protective instructions are provided to help the agent distinguish between data and instructions within these files.
    3. Capability inventory: Uses shell-based file search, modification, and pattern matching.
    4. Sanitization: No escaping or validation is performed on the user-provided keys or the content found within the target files.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 1, 2026, 07:31 AM