device-profile-management

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The PowerShell scripts Initialize-DeviceProfile.ps1 and Sync-DeviceProfile.ps1 dynamically execute local command-line utilities such as winget, scoop, npm, choco, git, node, python, and claude to verify installation status and retrieve versions.
  • [COMMAND_EXECUTION]: The Update-DeviceProfile function in SKILL.md accepts a script block as a parameter and executes it dynamically using the PowerShell call operator (&), representing a surface for dynamic code execution.
  • [DATA_EXFILTRATION]: The skill aggregates sensitive system information, such as OS version, CPU/RAM specifications, and full file system paths of installed applications. This data is written to a centralized 'Admin Root' directory intended for cloud synchronization (e.g., Dropbox or OneDrive), which moves local system metadata to external storage providers.
  • [PROMPT_INJECTION]: The skill processes untrusted data from profile.json and tool outputs. Ingestion points: profile.json (potentially synced from other devices) and tool version outputs. Capability inventory: File system writing, command execution via call operator, and system configuration querying via CIM. Sanitization: Absent. This creates a surface for indirect prompt injection where the agent might act upon data synchronized from external sources or captured from command outputs.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 03:49 AM