kb-view

Warn

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: MEDIUM
Findings: DATA_EXFILTRATION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [DATA_EXFILTRATION]: The server started by scripts/serve.py sets `Access-Control-Allow-Origin: *` on its responses. Because the header is a wildcard rather than the UI's own origin, any website the user has open can issue cross-origin requests to the local API on 127.0.0.1:8787 and read the responses, potentially exposing knowledge base contents, configuration files, and search results to an external attacker.
  • [COMMAND_EXECUTION]: The _serve_tree function in scripts/serve.py calls subprocess.run on a script named kb_loader.py. The script's location is determined at runtime by searching the project directory rather than by a fixed path, so a malicious file of that name placed in a skill/scripts directory inside the user's workspace could be the one executed, giving arbitrary code execution.
  • [EXTERNAL_DOWNLOADS]: scripts/index.html loads several JavaScript and CSS libraries (marked.js, highlight.js, d3.js, and mermaid.js) from cdn.jsdelivr.net. These are well-known libraries used for standard document rendering and visualization, and cdn.jsdelivr.net is considered safe under the trusted scope rules.
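Hardened counterparts to the first two findings, as an added example that is not code from the kb-view project: a CORS helper that reflects only an allow-listed Origin instead of `*`, and a loader lookup pinned to the directory of serve.py instead of a workspace search. It assumes the UI is served from the same local origin as the API (http://127.0.0.1:8787) and that kb_loader.py lives beside serve.py in scripts/; the names cors_headers, loader_path, run_loader and demo_loader_resolution, and the planted file tree built by the demo, are this example's own.

```python
"""Hardened counterparts to the scripts/serve.py findings (added example).

Assumptions: the kb-view UI is served from the same origin as the API, and
kb_loader.py is shipped next to serve.py. Function names are hypothetical.
"""
import subprocess
import sys
import tempfile
from pathlib import Path
from typing import Optional

# Assumed legitimate browser origins for the local UI. Any other origin gets
# no CORS header, so the browser refuses to hand the response to that page.
ALLOWED_ORIGINS = frozenset({"http://127.0.0.1:8787", "http://localhost:8787"})


def cors_headers(request_origin: Optional[str]) -> dict:
    """Headers to add to one response, given the request's Origin header.

    Reported weak setting: every response carries
    `Access-Control-Allow-Origin: *`, so a page on any site the user has open
    can fetch http://127.0.0.1:8787/... and read knowledge base content.
    Hardened: reflect the Origin only on an exact allow-list match.
    """
    if request_origin is None:
        return {}                     # same-origin or non-browser client
    if request_origin not in ALLOWED_ORIGINS:
        return {}                     # browser blocks the cross-origin read
    return {
        "Access-Control-Allow-Origin": request_origin,
        "Vary": "Origin",             # responses now differ per origin
    }


def loader_path(serve_script: Path) -> Path:
    """Locate kb_loader.py next to serve.py instead of searching the workspace.

    The reported code discovers kb_loader.py at runtime by scanning the
    project tree, so a same-named file planted in any skill/scripts directory
    could be the one handed to subprocess.run. Pinning the path to this
    script's own directory removes the search; resolve()/relative_to rejects
    a symlink that points outside it.
    """
    base = serve_script.resolve().parent
    candidate = (base / "kb_loader.py").resolve()
    candidate.relative_to(base)       # ValueError if the path escapes base
    if not candidate.is_file():
        raise FileNotFoundError(candidate)
    return candidate


def run_loader(serve_script: Path, *loader_args: str) -> subprocess.CompletedProcess:
    """Run the pinned loader with the current interpreter and a fixed argv."""
    cmd = [sys.executable, str(loader_path(serve_script)), *loader_args]
    return subprocess.run(cmd, check=True, capture_output=True, text=True)


def demo_loader_resolution() -> str:
    """Build a constructed project tree containing a planted kb_loader.py and
    return, relative to the project root, the file loader_path() selects."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "scripts").mkdir()
        (root / "scripts" / "serve.py").write_text("# constructed stand-in\n")
        (root / "scripts" / "kb_loader.py").write_text("print('real loader')\n")
        planted = root / "skills" / "demo" / "scripts" / "kb_loader.py"
        planted.parent.mkdir(parents=True)
        planted.write_text("print('planted loader')\n")  # found by a tree search
        chosen = loader_path(root / "scripts" / "serve.py")
        return chosen.relative_to(root.resolve()).as_posix()


if __name__ == "__main__":
    print(cors_headers("https://attacker.example"))      # {} : no header, read blocked
    print(cors_headers("http://127.0.0.1:8787"))         # reflected allow-listed origin
    print(demo_loader_resolution())                      # scripts/kb_loader.py
```

In a real handler the Origin value passed to cors_headers comes from the request headers, and the returned dict is merged into the response; omitting the header entirely for unknown origins is what makes the browser enforce the same-origin policy. The planted file in the demo is never selected because loader_path never looks outside the directory of serve.py.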
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 9, 2026, 09:01 AM