encrypting-and-decrypting-data

Warn

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: MEDIUM | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [DYNAMIC_EXECUTION]: The script scripts/generate_key.py contains logic to generate shell scripts at runtime. Evidence: The generate_script method takes a template string from command-line arguments and writes it into a new .sh file. Risk: This allows for the creation and execution of arbitrary shell commands if the input template is influenced by malicious instructions or untrusted data.
  • [PRIVILEGE_ESCALATION]: The skill performs risky permission changes on dynamically created files. Evidence: In scripts/generate_key.py, the generate_script method executes file_path.chmod(0o755) on newly created shell scripts. Risk: Elevating file permissions to executable status on dynamically generated content is a common technique used to prepare malicious payloads for execution.
  • [METADATA_POISONING]: There is a discrepancy between the script's identifier and its actual implementation. Evidence: scripts/generate_key.py is described as a tool to generate encryption keys, but the code implements a generic generator for markdown, JSON, and shell scripts. Risk: Deceptive naming can mislead users and automated auditors about the skill's actual capabilities and security profile.
  • [INDIRECT_PROMPT_INJECTION]: The skill is designed to process external code and configuration files while possessing significant system capabilities. Ingestion points: The skill reads codebase and configuration files as specified in SKILL.md. Boundary markers: None identified. Capability inventory: The skill has access to Read, Write, Edit, Grep, Glob, and Bash tools. Sanitization: No sanitization or validation of the ingested file content is performed. Risk: Malicious instructions embedded in the analyzed codebase could influence the agent to perform unintended actions using its privileged tools.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 4, 2026, 08:02 PM