NYC

generating-memes

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Categories: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (HIGH): The skill metadata and documentation specify downloading a binary executable (meme) from a non-trusted GitHub repository (MemeCrafters). This repository is not on the approved trust list, presenting a risk of a supply chain attack.
      • Evidence: https://github.com/MemeCrafters/meme-generator-rs/releases/latest/download/meme-generator-cli-linux-x86_64.zip in SKILL.md metadata.
  • [REMOTE_CODE_EXECUTION] (HIGH): The troubleshooting section instructs users to download a binary directly using curl and make it executable, which is a high-risk pattern for executing arbitrary remote code.
      • Evidence: curl -L https://github.com/MemeCrafters/meme-generator-rs/releases/latest/download/meme-x86_64-unknown-linux-gnu -o meme && chmod +x meme in SKILL.md troubleshooting.
  • [COMMAND_EXECUTION] (HIGH): The skill's primary function is to execute a downloaded system binary with user-supplied arguments (images and text), creating a significant attack surface for command injection if inputs are not sanitized.
      • Evidence: meme generate <template> --images <paths> --texts <texts> used throughout SKILL.md and references/examples.md.
  • [PRIVILEGE_ESCALATION] (HIGH): The documentation explicitly encourages the use of sudo to move a downloaded untrusted binary into /usr/local/bin/.
      • Evidence: sudo mv meme /usr/local/bin/ in SKILL.md troubleshooting.
  • [INDIRECT_PROMPT_INJECTION] (HIGH): The skill processes untrusted user-supplied text and images while possessing the capability to execute system commands.
      • Ingestion points: User-provided text strings and file paths for images.
      • Boundary markers: None present in the command construction examples.
      • Capability inventory: Execution of external binary (meme) via shell subprocesses.
      • Sanitization: None mentioned for handling special characters in text or image paths.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 12:29 AM