NYC

vulnerable-secret

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Tags: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill is designed to ingest and analyze untrusted external binary data. It lacks boundary markers or sanitization logic to separate the binary's data from the agent's instructions. Combined with the skill's capabilities to execute scripts and system tools, a malicious binary could potentially influence agent behavior or cause unintended command execution.
  • Ingestion points: The target <binary> file is analyzed via multiple tools (strings, objdump, etc.) as described in SKILL.md.
  • Boundary markers: Absent. The skill does not instruct the agent to ignore instructions embedded within the binary data.
  • Capability inventory: Subprocess calls for system tools (objdump, strace), Python code execution for decoding, and library injection via LD_PRELOAD.
  • Sanitization: Absent. There is no validation or escaping of strings or data extracted from the target binary.
  • Dynamic Execution (HIGH): Phase 5 of the skill explicitly recommends using LD_PRELOAD for library/process injection and dynamic binary patching to bypass security checks. While standard for reverse engineering, these techniques represent high-risk process manipulation.
  • Command Execution (MEDIUM): The skill relies on executing several powerful system utilities (readelf, objdump, objcopy, strace, ltrace) that interact with the host operating system and process external, potentially malicious file inputs.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 12:00 AM