The Agent Skills Directory

[COMMAND_EXECUTION]: The scripts/sab-api.sh script is vulnerable to command injection via the Python-based URL encoding logic. The script interpolates the $url shell variable directly into a Python command string: python3 -c "...quote('$url', ...)". A maliciously crafted URL containing Python escape characters (such as ') or __import__('os').system('id') or (') would allow arbitrary code execution on the user's system.
[PROMPT_INJECTION]: The SKILL.md file uses coercive and imperative language to force agent behavior. Phrases like '⚠️ MANDATORY SKILL INVOCATION ⚠️', 'YOU MUST invoke this skill', and 'Failure... violates your operational requirements' are designed to override the agent's decision-making and safety protocols.
[DATA_EXFILTRATION]: The skill accesses the sensitive file ~/.claude-homelab/.env to retrieve the SABNZBD_API_KEY. It then transmits this key as a query parameter in GET requests (apikey=${SAB_API_KEY}), which can leak the credential through server logs or network history.
[PROMPT_INJECTION]: The skill exhibits a vulnerability surface for indirect prompt injection by processing external data from the SABnzbd API without sanitization or boundary markers.
Ingestion points: External data enters via the queue and history slots (e.g., file names, category names) returned by the SABnzbd API.
Boundary markers: None; the agent is not instructed to treat API-returned data as untrusted or to ignore instructions embedded within it.
Capability inventory: The agent can execute shell commands via curl, read local files for upload, and perform network requests.
Sanitization: No filtering or validation is performed on the data retrieved from the API before it is presented to the agent's context.

sabnzbd