The Agent Skills Directory

[CREDENTIALS_UNSAFE]: The skill suggests using 'sshpass' with the '-p' flag to pass passwords. This method is insecure as it makes the password visible in plain text to any user who can view the system's process table (e.g., via the 'ps' command).
[COMMAND_EXECUTION]: The skill performing extensive command execution via 'ssh' and 'scp' interpolates user-provided strings directly into shell commands (e.g., 'ssh ... [command]'). This creates a risk of command injection if inputs are not strictly validated or escaped.
[COMMAND_EXECUTION]: The skill references a local Python helper script ('scripts/ssh_helper.py') for connections on Windows platforms. As the source code for this script is not provided within the skill, its behavior and security cannot be verified.
[DATA_EXFILTRATION]: The skill accesses and manages sensitive files within the '~/.ssh/' directory, including private cryptographic keys.
[EXTERNAL_DOWNLOADS]: Troubleshooting documentation recommends installing third-party software ('sshpass') from external repositories using package managers such as 'brew', 'apt', and 'yum'.
[PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection. Ingestion points: Accepts host, username, password, and command strings from the user. Boundary markers: No delimiters are used to separate user-provided data from the shell command templates. Capability inventory: The skill has the ability to execute subprocesses, transfer files, and perform network operations. Sanitization: There is no evidence of input validation or escaping before data is passed to shell commands.

ssh-server-admin