The Agent Skills Directory

[REMOTE_CODE_EXECUTION]: The skill's installation instructions recommend fetching a shell script from a remote URL and piping it directly to bash. This allows for the execution of unverified code on the host system. Evidence found in SKILL.md: 'curl -fsSL "https://raw.githubusercontent.com/Dicklesworthstone/mcp_agent_mail/main/scripts/install.sh?$(date +%s)" | bash -s -- --yes'.\n- [EXTERNAL_DOWNLOADS]: The skill references external scripts and resources hosted on GitHub (raw.githubusercontent.com/Dicklesworthstone/...) for installation and server management.\n- [COMMAND_EXECUTION]: The tool install_precommit_guard modifies the project's git hooks directory (hooks.d/) to insert executable logic that runs during the git commit process, establishing a persistence mechanism for custom code execution.\n- [PROMPT_INJECTION]: The skill is designed as a coordination layer where it ingests and processes messages (Markdown) from other agents and humans, creating an attack surface for indirect prompt injection.\n
Ingestion points: Untrusted data enters the agent context through the fetch_inbox, search_messages, and summarize_thread tools.\n
Boundary markers: The documentation does not specify the use of delimiters or 'ignore' instructions for processed message content.\n
Capability inventory: The skill can perform file system operations (reservations), modify git hooks, and interact with network services.\n
Sanitization: There is no mention of sanitizing or escaping the content of messages before they are processed or summarized by the agent.

agent-mail