The Agent Skills Directory

Remote Code Execution (CRITICAL): The skill contains several instances of the 'curl | bash' pattern, which executes remote scripts with full shell privileges.
Workflows/Transcription.md contains curl -LsSf https://astral.sh/uv/install.sh | sh.
Automated scanners detected curl -fsSL https://claude.ai/install.sh | bash. Neither source is in the trusted repository list.
Command Execution (HIGH): High-risk command execution patterns were identified across multiple files.
Workflows/HomeBridgeManagement.md instructs the user to execute commands with sudo launchctl, which can lead to privilege escalation.
Tools/AddBg.ts and Tools/RemoveBg.ts use child_process.exec to run ImageMagick and shell commands with unsanitized file paths. This is a classic command injection vector if an attacker can influence file names.
External Downloads (MEDIUM): The skill downloads and updates resources from untrusted external sources at runtime.
Tools/fabric/update-patterns.sh uses the fabric CLI to pull updates, and patterns are downloaded from untrusted GitHub accounts (e.g., danielmiessler/fabric) as seen in Tools/fabric/Patterns/extract_wisdom/README.md.
Indirect Prompt Injection (LOW): The skill has an extremely large attack surface for indirect prompt injection due to its complex toolset and ingestion of untrusted data.
Ingestion Points: Tools/ExtractTranscript.ts (audio files), Tools/extract-transcript.py (video/audio), and various Fabric patterns designed to process arbitrary text input.
Boundary Markers: Most patterns lack clear delimiters or instructions to ignore instructions embedded in the input data (e.g., Tools/fabric/Patterns/summarize/system.md simply appends INPUT:).
Capability Inventory: The skill has access to subprocess spawning (exec, spawn), file system writing (writeFile), and network access (fetch), providing powerful primitives for an exploit payload.
Sanitization: No evidence of input validation or escaping was found in the provided processing scripts.

CORE