The Agent Skills Directory

[REMOTE_CODE_EXECUTION]: The script scripts/publish.sh suggests installing the jq dependency by running curl -fsSL https://here.now/install.sh | bash. This pattern is insecure as it executes remote code without any verification or integrity checks.
[COMMAND_EXECUTION]: The publish.sh script executes various system commands, including curl, find, jq, file, wc, mkdir, chmod, and sha256sum. These operations are performed on user-controlled file paths, creating a potential surface for command injection if inputs are malicious.
[CREDENTIALS_UNSAFE]: The documentation in SKILL.md instructs the agent to automatically save user API keys into ~/.herenow/credentials. Storing secrets in predictable filesystem locations through automated agent actions increases the risk of credential theft or accidental exposure.
[DATA_EXFILTRATION]: The skill's primary function involves reading local files and sending their contents, along with authentication tokens, to the https://here.now service. This represents a planned transfer of data to an external authority.
[PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because it processes user-provided files and directories that could contain malicious instructions.
Ingestion points: The TARGET argument in scripts/publish.sh which specifies the local file or directory to be published.
Boundary markers: Absent. The script does not use delimiters or warnings to prevent the agent from following instructions found within the files it handles.
Capability inventory: The skill can execute shell commands, perform network requests, and write to the local filesystem.
Sanitization: No sanitization or filtering of file content is performed before processing.

here-now