The Agent Skills Directory

[REMOTE_CODE_EXECUTION]: The skill recommends installing software by piping a remote script directly into the shell using curl -sSf https://gitlawb.com/install.sh | sh. This pattern is extremely dangerous as it executes unvetted code from an external server with the user's current privileges.
[CREDENTIALS_UNSAFE]: The instructions for interacting with the Base L2 registry (e.g., gl name register) require passing an Ethereum private key via the --private-key $ETH_PRIVATE_KEY flag. Providing secrets as command-line arguments is insecure because they can be captured in shell history, process lists, and system logs.
[PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests untrusted data from a decentralized network. Ingestion points: Commands like gl pr view, gl issue view, and gl task list fetch content from external nodes. Boundary markers: There are no instructions to use delimiters or ignore embedded commands in the retrieved data. Capability inventory: The agent has extensive shell and blockchain capabilities that could be abused if malicious instructions are followed. Sanitization: No validation or sanitization of the remote content is mentioned.
[COMMAND_EXECUTION]: The skill makes extensive use of shell commands for local environment setup, identity generation (gl identity new), and git operations, which involve file system modifications and network pushes.
[DATA_EXFILTRATION]: The skill manages sensitive cryptographic identities (stored in ~/.gitlawb/identity.pem) and blockchain private keys. Any compromise of the CLI tool or the installation script could facilitate the theft and exfiltration of these credentials.

gitlawb