denser-retriever
Warn
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The automation scripts provided in SKILL.md (e.g., 'Batch Upload Multiple Files') use shell variable interpolation for variables such as $FILE_NAME and $KB_ID without sanitization. A maliciously named file (e.g., using backticks or semicolons) could trigger arbitrary command execution when the agent runs these bash loops.
- [DATA_EXFILTRATION] (LOW): The skill is designed to read local files and upload them to an external service (retriever.denser.ai). While this is the intended functionality, it creates a potential exfiltration path for sensitive local data if the agent is manipulated into reading unauthorized files.
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection via retrieved content. (1) Ingestion points: content from processed documents and search results in 'query' responses. (2) Boundary markers: not used in the prompt instructions. (3) Capability inventory: significant, including shell command execution and file system access. (4) Sanitization: no evidence of sanitization for retrieved text. Malicious instructions inside indexed documents could hijack the agent's logic.
Audit Metadata