The Agent Skills Directory

REMOTE_CODE_EXECUTION (HIGH): The skill contains a 'curl | bash' installation pattern (curl -sfL https://raw.githubusercontent.com/ghostsecurity/reaper/main/scripts/install.sh | bash). This is a critical security risk as it downloads a script from a remote URL and executes it immediately with the user's privileges without any integrity verification.
EXTERNAL_DOWNLOADS (HIGH): The remote script is hosted under the ghostsecurity GitHub organization, which is not on the list of trusted sources. Executing code from unverified third-party repositories poses a high risk of supply chain compromise.
COMMAND_EXECUTION (MEDIUM): The skill provides the ability to start and control the reaper MITM proxy. This tool is designed to intercept and inspect HTTP/HTTPS traffic, which may contain sensitive credentials, API keys, or personal data. While consistent with the skill's stated purpose, it provides the agent with a powerful mechanism to observe sensitive communications.
PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it ingests untrusted external data (captured HTTP traffic) and presents it to the agent.
Ingestion points: Untrusted data enters the agent context via reaper logs, reaper get, and reaper search commands (SKILL.md).
Boundary markers: There are no delimiters or instructions warning the agent to ignore potentially malicious content embedded in the captured traffic.
Capability inventory: The agent can execute system commands and perform network operations via the proxy setup.
Sanitization: No sanitization or filtering is applied to the raw HTTP traffic before it is processed by the agent.

ghost-proxy