The Agent Skills Directory

[REMOTE_CODE_EXECUTION]: The skill downloads and executes scripts from the author's GitHub repository using curl | bash and curl | sh. This pattern is inherently risky as it allows for arbitrary remote code execution without content verification.
Evidence: curl -fsSL https://raw.githubusercontent.com/gupsammy/reddit-cli/main/install.sh | bash in SKILL.md.
Evidence: curl -fsSL https://raw.githubusercontent.com/gupsammy/brave-cli/main/install.sh | sh in SKILL.md.
[COMMAND_EXECUTION]: User-provided inputs, such as {TOPIC} and {VIDEO_URL}, are directly interpolated into bash command strings. This exposes the skill to command injection vulnerabilities if a user provides input with shell metacharacters.
Evidence: reddit-cli search "{TOPIC}" and brave-cli search "{TOPIC}" in SKILL.md.
[CREDENTIALS_UNSAFE]: The skill checks the local ~/.secrets file for the presence of an API key. Accessing files used for sensitive credential storage is a security concern.
Evidence: grep -q "BRAVE_API_KEY" ~/.secrets in SKILL.md.
[EXTERNAL_DOWNLOADS]: The skill initiates external downloads of binary installer scripts to set up the environment.
Evidence: Installation instructions and scripts fetched from raw.githubusercontent.com.
[PROMPT_INJECTION]: The skill processes data from various untrusted platforms (Reddit, X, YouTube) and processes it without sanitization or clear boundary delimiters, creating a risk for indirect prompt injection.
Ingestion points: reddit-cli, bird, and YouTube transcripts.
Boundary markers: None present.
Capability inventory: Extensive command-line tool usage via shell execution.
Sanitization: No input validation or output filtering observed.

run-research