eve-cli-primitives

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH (DATA_EXFILTRATION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE)
Full Analysis
  • DATA_EXFILTRATION (HIGH): The skill documentation explicitly includes examples that access sensitive file paths. Specifically, the command eve profile set --default-ssh-key ~/.ssh/id_ed25519 references a private SSH key, which could lead to unauthorized data exposure or exfiltration if an agent executes or reveals the contents of this path.
  • DATA_EXFILTRATION (LOW): The skill targets a non-whitelisted external API domain (https://api.eh1.incept5.dev) via the eve profile create command. While not inherently malicious, it establishes a network communication path outside of trusted domains.
  • CREDENTIALS_UNSAFE (LOW): The skill provides primitives for managing secrets (eve secrets set) and integrations (eve integrations slack connect). While the examples use placeholders like xoxb-test, the primary purpose of these commands is the handling of sensitive authentication material, which increases the risk of credential exposure if handled incorrectly by the agent.
  • PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8).
      • Ingestion points: Untrusted data enters the agent context through CLI arguments such as --inputs, --body, --text, and --input (found in SKILL.md).
      • Boundary markers: None are present in the examples to delimit untrusted input from system instructions.
      • Capability inventory: The skill allows for command execution (via eve CLI), file system reference (SSH keys), and network operations (API calls).
      • Sanitization: No sanitization or validation of the external content is mentioned or demonstrated.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 05:20 PM