The Agent Skills Directory

Privilege Escalation (HIGH): The file SKILL.md contains instructions for the agent to execute sudo apt update && sudo apt install python3. Directing an AI agent to use sudo to acquire administrative permissions is a high-severity security risk.- External Downloads & Unverifiable Dependencies (MEDIUM): The SKILL.md file instructs the agent to install software using brew install and winget install. While these are standard package managers, instructing an agent to download and install arbitrary software from external sources is a potential remote code execution vector.- Indirect Prompt Injection (LOW): This skill has an injection surface where user queries are passed directly to a search script.
Ingestion points: search.py takes the query argument derived from user requests.
Boundary markers: Absent. There are no delimiters or 'ignore embedded instructions' warnings for the search string.
Capability inventory: The script core.py performs local BM25 searches on CSV files. It does not have network access or file-write capabilities.
Sanitization: core.py uses basic regex re.sub(r'[^\w\s]', ' ', str(text).lower()) to clean input, which provides minimal protection against malicious search strings.

ui-ux-pro-max