devops-pathfinders
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- REMOTE_CODE_EXECUTION (CRITICAL): The initialization script 'scripts/init_debian_server.sh' downloads and executes scripts directly from 'https://get.docker.com' using 'sh'. This pattern grants full execution control to a remote source and is a primary attack vector for server compromise.
- COMMAND_EXECUTION (HIGH): The 'scripts/docker_deploy.sh' script is vulnerable to command and file injection. It takes user-provided arguments ('SERVICE_NAME' and 'DOMAIN') and interpolates them directly into shell heredocs to create 'docker-compose.yml' and into filesystem paths without any sanitization.
- CREDENTIALS_UNSAFE (HIGH): The skill relies on storing root passwords, database credentials, and Cloudflare API tokens in a plain-text file at '/opt/pathfinders/.credentials'. Multiple scripts read this file, creating a significant risk of sensitive data exposure.
- PROMPT_INJECTION (HIGH): The skill has a significant Indirect Prompt Injection surface (Category 8). It ingests untrusted user data and uses it to drive high-privilege capabilities including file system writes, Docker container management, and Nginx configuration. There are no boundary markers or sanitization logic to prevent a malicious user from overriding the intended deployment behavior.
- EXTERNAL_DOWNLOADS (MEDIUM): The skill downloads the Docker Compose binary directly from a remote GitHub URL and executes it after setting execution permissions. While the source is a known repository, the lack of integrity verification (e.g., checksum validation) makes it a risk.
- PRIVILEGE_ESCALATION (HIGH): Scripts within the skill modify system-level security configurations, including disabling SSH password authentication and modifying 'sshd_config', which could lead to accidental lockout or unauthorized modification if triggered by malicious input.
Recommendations
- CRITICAL: Downloads and executes remote code from untrusted source(s): https://get.docker.com - DO NOT USE
- AI detected serious security threats
Audit Metadata