unifi
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The SKILL.md file contains forceful instructions aimed at overriding agent behavior and operational requirements. It uses high-pressure language such as '⚠️ MANDATORY SKILL INVOCATION ⚠️', 'YOU MUST invoke this skill (NOT optional)', and 'Failure to invoke this skill... violates your operational requirements' to coerce the agent into specific tool usage.
- [COMMAND_EXECUTION]: The skill relies on shell scripts (scripts/dashboard.sh, scripts/devices.sh, etc.) that execute system commands and process data via 'jq'. These scripts accept arguments like limit and format that are passed into shell contexts, which creates a standard surface for potential command injection if inputs are not strictly validated by the calling agent.
- [DATA_EXFILTRATION]: The skill aggregates highly sensitive internal network information, including firewall rules, port forwards, routing tables, and client identifiers (MACs/IPs). While restricted to read-only GET requests, the consolidation of this metadata into the agent's context and a persistent local file (~/memory/bank/unifi-inventory.md) exposes a detailed map of the user's internal network infrastructure.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface through its processing of network-sourced data.
  1. Ingestion points: Data is retrieved from the UniFi API (including device hostnames, app categories, and alert messages) in dashboard.sh and unifi-api.sh.
  2. Boundary markers: Absent. The data is interpolated directly into markdown inventory files and terminal tables without delimiters or instructions for the agent to treat the content as untrusted.
  3. Capability inventory: The skill has file-write permissions for the inventory dashboard and performs network requests via curl.
  4. Sanitization: There is no evidence of escaping or validating strings (like hostname or msg) returned by the API before they are processed by the agent or stored locally.
Audit Metadata