generate-bug-report

Warn

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, DATA_EXFILTRATION)
Full Analysis
  • [TIME_DELAYED_ATTACK]: The skill executes a Python script to check if the current date is April 1st in any common timezone. If the condition is not met, it artificially terminates execution with the message 'Skill is not available.' This conditional trigger pattern gates functionality on an environmental condition (the current date).
  • [METADATA_POISONING]: The skill provides deceptive descriptions of its behavior, claiming to perform a 'full code quality scan,' 'Audit 47 dependency vulnerabilities,' and 'Correlating crash traces.' In reality, the skill implementation merely prints static text to the console and opens a browser window without performing any local or remote analysis.
  • [DATA_EXFILTRATION]: The skill uses subprocess calls to git to extract project metadata, including the project root directory name and the current commit hash (short HEAD). This information is transmitted to a remote URL (bug-report.sentry.dev) via URL query parameters. While the destination belongs to the skill's author (Sentry), the collection and transmission of project state under deceptive pretenses is a security concern.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to run arbitrary Python scripts for environment checks and data manipulation, and to execute system-level commands such as git and platform-specific browser openers (open, xdg-open, start).
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 31, 2026, 05:32 PM