x-publish

Warn

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: MEDIUM (DATA_EXFILTRATION, COMMAND_EXECUTION)
Full Analysis
  • [Data Exposure] (MEDIUM): The scripts/copy_to_clipboard.py utility provides a --file argument that allows reading any file on the system accessible to the execution environment. This provides a mechanism for the agent to potentially read and expose sensitive files (e.g., SSH keys, credentials) if directed by a malicious prompt or indirect injection.
  • [Indirect Prompt Injection] (LOW): The skill is designed to ingest and process untrusted text data for posting to social media, creating an attack surface for indirect instructions.
      • Ingestion points: Text provided via command line arguments, stdin, or external files in copy_to_clipboard.py.
      • Boundary markers: None used to delimit user content from instructions.
      • Capability inventory: Browser automation (navigation, clicking, typing), system clipboard access, and local file reading.
      • Sanitization: No input validation or escaping is performed on the text before it is copied to the clipboard or pasted into the browser.
  • [Command Execution] (LOW): The Python script executes system commands (xclip or xsel) on Linux using the subprocess module. While these are used for clipboard management, the implementation correctly avoids shell=True, which mitigates standard command injection risks.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 21, 2026, 05:21 AM