The Agent Skills Directory

[CREDENTIALS_UNSAFE]: The skill handles sensitive credentials insecurely through several actions. It writes generated passwords to temporary files in /tmp/ (prod_password.txt and local_password.txt), which are often globally readable on multi-user systems. It creates an unencrypted file keystores/KEYSTORE_INFO.txt containing the raw keystore passwords and a Base64-encoded representation of the private JKS file, which facilitates the exposure of signing keys. It also prints the generated passwords to the terminal output, ensuring they are recorded in the agent's interaction logs.
[COMMAND_EXECUTION]: The skill dynamically constructs and executes shell commands based on local file content. It extracts the applicationId from app/build.gradle.kts using grep and sed and interpolates the resulting variable into keytool commands without validation. This pattern is vulnerable to command injection if the project file is maliciously modified to include shell metacharacters.
[PROMPT_INJECTION]: The skill contains an indirect prompt injection surface. 1. Ingestion points: app/build.gradle.kts. 2. Boundary markers: No delimiters or warnings are used for the extracted variables. 3. Capability inventory: keytool, openssl, mkdir, cat. 4. Sanitization: No escaping or validation is performed on the content extracted from the build file before it is used in shell commands.

android-keystore-generation