The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: Automated scanners identified 'tool.in' as a malicious URL. This may be a false positive triggered by variable properties like '$tool.installStatus' within the script logic, but it constitutes a high-risk finding as flagged in the skill's context.
[COMMAND_EXECUTION]: The skill persistently modifies the Windows 'Execution Policy' to 'RemoteSigned' for the current user, which reduces default system protections against the execution of untrusted scripts.
[COMMAND_EXECUTION]: The script 'Verify-ShellEnvironment.ps1' uses the PowerShell call operator '&' to execute commands derived from the system PATH, creating a critical dependency on the integrity of the environment variables.
[COMMAND_EXECUTION]: The skill performs permanent modifications to User and System PATH environment variables using the '[Environment]::SetEnvironmentVariable' method, a powerful administrative action that can be leveraged for command redirection or hijacking.
[REMOTE_CODE_EXECUTION]: The skill facilitates the installation of third-party packages via managers like scoop, winget, and chocolatey without implementing verification mechanisms for the sources or binary integrity.
[PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection by processing external configuration files ('.env' and 'profile.json') without sanitization or validation.
Ingestion points: '.env' file (via 'Load-EnvFile') and 'profile.json' (via 'Read-Json' helper).
Boundary markers: None; external configuration values are expanded and applied directly to the environment.
Capability inventory: Full PowerShell execution environment, including access to the registry, file system, and system environment variables.
Sanitization: No validation or escaping of input values from configuration files is performed before they are used in environment setup.

admin-windows