Error Resolver

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
  • Privilege Escalation (MEDIUM): The skill documentation (e.g., in patterns/docker.md and replay/README.md) suggests using sudo for Docker operations and recommends chmod 777 as an immediate fix for permission errors. These commands grant excessive privileges and weaken system security, although they are associated with the skill's primary troubleshooting purpose.
  • Data Exposure (MEDIUM): In SKILL.md, the 'Debug Commands' section instructs the agent to use env | grep and printenv. These commands access the environment space, which frequently contains sensitive information such as service credentials, private tokens, and configuration secrets.
  • Indirect Prompt Injection (LOW): The skill is designed to ingest and parse arbitrary, untrusted error messages and stack traces. This data is then used to trigger diagnostic workflows that can include package installations (npm install, pip install) and network inspections. An attacker could potentially craft a malicious error message to manipulate the agent's response or actions.
      • Ingestion points: Error message parsing in SKILL.md (Step 2: Parse) and replay matching in replay/README.md.
      • Boundary markers: Absent; the skill does not wrap processed error data in delimiters or include instructions to disregard embedded commands.
      • Capability inventory: Includes execution of package managers, network status tools (lsof, netstat), and system administration commands (env, chmod, chown, docker).
      • Sanitization: None; the skill uses direct string matching and pattern extraction on raw error input.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 04:53 PM