The Agent Skills Directory

[CREDENTIALS_UNSAFE]: The skill encourages the highly insecure practice of embedding authentication tokens directly into Git URLs (e.g., http://user:TOKEN@<host>/...). This results in sensitive credentials being exposed in the user's shell history, process listings, and server logs.
[EXTERNAL_DOWNLOADS]: The skill depends on 'extea', a non-standard and unknown command-line tool presented as a Gitea client. The documentation provides no information on its source, integrity, or how to safely install it, posing a supply chain risk.
[COMMAND_EXECUTION]: Several provided command templates are vulnerable to shell command injection. Specifically, templates that use subshells and interpolation (e.g., $(printf '%s' "$CONTENT" | base64)) to process content variables can be exploited if the variable contains malicious shell metacharacters.
[PROMPT_INJECTION]: The skill presents a significant indirect prompt injection surface as it is designed to ingest and process various forms of untrusted data from Gitea instances.
Ingestion points: extea issues list, extea pulls list, extea notifications, and extea api calls for wiki and user profile data in SKILL.md.
Boundary markers: Absent. The instructions do not define delimiters or provide warnings to the agent to ignore or isolate embedded instructions in external data.
Capability inventory: The skill possesses high-privilege capabilities including repository deletion (extea repos delete), pull request merging (extea api ... /merge), and arbitrary network/API operations via curl and extea api.
Sanitization: Absent. No methods for escaping, validation, or sanitization are mentioned for the external data before it is interpolated into shell commands or processing scripts.

gitea