homelab-setup

Fail

Audited by Gen Agent Trust Hub on Apr 19, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to perform shell operations using sed and echo in which user-provided credential values are interpolated directly into the command strings. Because the agent composes the command text itself, a value containing shell metacharacters (semicolons, backticks, pipes, $(...)) can become live syntax and allow arbitrary code execution on the host machine; and even a value that reaches sed intact is parsed as part of the sed script, where '|' ends the replacement and '&' and '\' are special, so the substitution can be altered or broken by ordinary input. Findings include: interpolation in sed -i "s|^SERVICE_URL=.*|SERVICE_URL=$value|" ~/.claude-homelab/.env and echo "SERVICE_KEY=$value" >> ~/.claude-homelab/.env.
  • [CREDENTIALS_UNSAFE]: The skill facilitates the collection and storage of sensitive credentials, including API keys for services like Tailscale and Unraid, as well as master passwords for Plex and UniFi. While it includes instructions to set file permissions to 600, the handling of these secrets in plain text within the agent's context and the local file system poses a risk of exposure.
  • [EXTERNAL_DOWNLOADS]: The skill references and executes a local script at ${CLAUDE_PLUGIN_ROOT:-$HOME/claude-homelab}/scripts/setup-creds.sh. The script is intended to ship with the plugin, but its location is taken from an environment variable, so whoever can set CLAUDE_PLUGIN_ROOT (or write into the fallback directory) chooses which script the agent runs, and the skill states no check of the resolved path, its owner, or its permissions before execution.
  • [INDIRECT_PROMPT_INJECTION]: The skill has a vulnerable surface for indirect injection. Ingestion points: User-provided credential values (SKILL.md). Boundary markers: Absent. Capability inventory: Shell command execution via sed, echo, and chmod (SKILL.md). Sanitization: Absent; the skill directly interpolates raw user input into shell execution strings.
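To show concretely why the two flagged commands are unsafe and what a hardened replacement looks like, here is an added shell example. It is not code from the homelab-setup skill or from the audit; the env file path, key names and sample values are assumptions. The unsafe function reproduces the flagged sed pattern (without -i, so its output can be inspected); the safe function validates the key against a shell-identifier shape, refuses multi-line values, hands the value to awk through the environment rather than through any script string, and writes via a 0600 temp file that is renamed over the target.

```shell
#!/bin/sh
# Added example, not code from the audited skill or from the audit. It
# reproduces the flagged pattern (an untrusted value spliced into a sed
# script) to show it misparsing ordinary input, then a hardened upsert
# that never lets the value reach a sed or shell parser. Paths, key
# names and values are assumptions.

# The flagged pattern, minus -i so the result can be read from stdout.
# sed parses the value: '&' becomes the matched text, '|' terminates the
# replacement and whatever follows is read as s-command flags, '\' starts
# an escape. Nothing here is quoted for sed.
unsafe_sed_upsert() {
  key=$1 value=$2 file=$3
  sed "s|^$key=.*|$key=$value|" "$file"
}

# Hardened version: validate the key, refuse multi-line values, hand the
# value to awk through the environment, write to a 0600 temp file and
# rename it over the target.
valid_key() {
  case "$1" in
    '' | [0-9]* | *[!A-Za-z0-9_]*) return 1 ;;
    *) return 0 ;;
  esac
}

nl='
'

safe_env_upsert() {
  key=$1 value=$2 file=$3
  valid_key "$key" || { echo "refusing key name: $key" >&2; return 1; }
  case "$value" in
    *"$nl"*) echo "refusing multi-line value for $key" >&2; return 1 ;;
  esac
  dir=$(dirname "$file")
  [ -d "$dir" ] || mkdir -p "$dir"
  if [ -f "$file" ]; then src=$file; else src=/dev/null; fi
  tmp=$(mktemp "$dir/.env.XXXXXX") || return 1   # mktemp creates it 0600
  # ENVIRON, not -v: -v decodes backslash escapes, ENVIRON is byte-exact.
  # Only a line that starts with KEY= is replaced; others pass through
  # untouched, and a missing key is appended at the end.
  KEY="$key" VALUE="$value" awk '
    BEGIN { k = ENVIRON["KEY"]; v = ENVIRON["VALUE"]; done = 0 }
    index($0, k "=") == 1 { print k "=" v; done = 1; next }
    { print }
    END { if (!done) print k "=" v }
  ' "$src" > "$tmp" && chmod 600 "$tmp" && mv -f "$tmp" "$file"
}

# Read a stored value back (everything after the first '=').
get_env_var() {
  grep "^$1=" "$2" | head -n 1 | cut -d= -f2-
}
```

Against a file holding SERVICE_URL=old, the unsafe function turns the value a&b into aSERVICE_URL=oldb and exits with an error on a value containing '|'; the safe function stores both verbatim and leaves unrelated lines alone. The same awk path replaces the flagged echo >> append as well, since echo can also mangle values that begin with -n or contain backslashes depending on the shell's echo implementation.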
Recommendations
  • AI detected serious security threats
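As an added example for the EXTERNAL_DOWNLOADS finding above, the following shell function resolves the plugin root the finding quotes and refuses to run the script unless it is a regular, non-symlinked file under an allowed root, owned by the current user and not writable by group or others. This is not code from the skill or from the audit; the ALLOWED_ROOTS list, its default directories and the wrapper function are assumptions.

```shell
#!/bin/sh
# Added example, not code from the audited skill. Before executing
# ${CLAUDE_PLUGIN_ROOT:-$HOME/claude-homelab}/scripts/setup-creds.sh it
# checks where the path really points and who can modify the file.
# The allowed roots and the wrapper are assumptions, not the skill's.

# Allowed plugin roots, colon-separated (assumed policy).
ALLOWED_ROOTS="${ALLOWED_ROOTS:-$HOME/claude-homelab:$HOME/.claude/plugins}"

# Print the canonical script path if every check passes; otherwise fail
# with a reason on stderr.
check_plugin_script() {
  root=$1 rel=$2
  f="$root/$rel"
  [ -f "$f" ] && [ ! -L "$f" ] ||
    { echo "not a regular file, or a symlink: $f" >&2; return 1; }
  # Canonicalise the script's directory so symlinked or ../ components
  # are judged by where they actually point, not by how they were typed.
  d=$(cd "$(dirname "$f")" 2>/dev/null && pwd -P) || return 1
  ok=0
  old_ifs=$IFS; IFS=:
  for r in $ALLOWED_ROOTS; do
    rc=$(cd "$r" 2>/dev/null && pwd -P) || continue
    case "$d" in "$rc"|"$rc"/*) ok=1 ;; esac
  done
  IFS=$old_ifs
  [ "$ok" -eq 1 ] || { echo "outside allowed roots: $d" >&2; return 1; }
  # Must be owned by the invoking user and not writable by group/others,
  # so a manipulated CLAUDE_PLUGIN_ROOT cannot point at someone else's file.
  [ -n "$(find "$f" -type f -user "$(id -un)" ! -perm -g+w ! -perm -o+w)" ] ||
    { echo "untrusted owner or permissions: $f" >&2; return 1; }
  printf '%s\n' "$d/$(basename "$f")"
}

# Wrapper mirroring the path expression quoted in the finding.
run_setup_creds() {
  script=$(check_plugin_script "${CLAUDE_PLUGIN_ROOT:-$HOME/claude-homelab}" \
                               scripts/setup-creds.sh) || return 1
  sh "$script"
}
```

The check narrows the problem rather than removing it: a race between the check and the execution remains, and a root the user can already write to is theirs to alter, so the allowed roots should be directories the agent's user does not treat as scratch space.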
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 19, 2026, 02:57 AM