The Agent Skills Directory

COMMAND_EXECUTION (MEDIUM): Stdin injection vulnerability in scripts/play.sh. The script uses echo -e to pass the variable $CMD (derived from user input) into a sequence of commands piped to the dfrotz interpreter. An attacker can provide a string containing newline characters to inject interpreter commands, such as look\nsave\n~/.bashrc\ny, which would cause the interpreter to overwrite a specified file with binary game state data.\n- PROMPT_INJECTION (LOW): Indirect prompt injection surface detected. The agent reads and processes output from the dfrotz game engine in scripts/play.sh and scripts/status.sh without any sanitization or boundary markers (e.g., delimiters). This allows potentially malicious text within a game file to influence the agent's behavior.\n- DATA_EXPOSURE (LOW): The scripts/setup.sh script allows for the configuration of an arbitrary filesystem path for an 'Obsidian vault', which the skill then uses as a target for writing transcripts and logs, potentially allowing unauthorized file creation in sensitive directories.\n- METADATA_POISONING (MEDIUM): The README.md contains deceptive licensing information, claiming Zork I is MIT licensed as of a future date (November 2025). Such misleading claims are often used to mask the true nature of a skill or its dependencies.

zork