temps-platform-setup
Fail
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill uses an installation pattern that downloads a shell script from 'https://temps.sh/deploy.sh' and pipes it directly to the bash interpreter. This allows for arbitrary remote code execution and is highly vulnerable to supply chain attacks or server compromise.
- [EXTERNAL_DOWNLOADS]: The skill downloads and installs the '@temps-sdk/cli' package from the NPM registry and clones the 'gotempsh/temps' repository from GitHub. It also requires the manual download of the MaxMind GeoLite2 database from an external third-party site.
- [COMMAND_EXECUTION]: The skill executes various system-level and high-privilege commands, including 'docker run' for managing database and application containers, 'cargo build' for compiling backend components, and 'npm install -g' for global package management.
- [PERSISTENCE]: The installation process modifies the user's shell configuration files ('~/.zshrc' or '~/.bashrc') to add the Temps binary directory to the system PATH, ensuring the software remains active across future sessions.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through its setup interface.
  - Ingestion points: The 'temps setup' command accepts untrusted data such as GitHub tokens, Cloudflare tokens, and AWS access keys provided by the user or external sources.
  - Boundary markers: There are no boundary markers or instructions to ignore embedded commands within the parameters provided to the setup process.
  - Capability inventory: The skill possesses capabilities for remote code execution ('curl | bash'), container management ('docker'), and file system modification ('~/.temps/').
  - Sanitization: There is no evidence of input validation or sanitization for the domain names or API tokens passed into the shell environment.
Recommendations
- HIGH: Downloads and executes remote code from: https://temps.sh/deploy.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata