gpu-use
Warn
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION, CREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill interpolates the user-provided {SSH_TARGET} directly into shell commands. A malicious user could provide a crafted string to execute arbitrary code on the local agent's environment or the remote host.
- [DATA_EXFILTRATION]: The skill executes 'cat /proc/{PID}/environ' within Docker containers. This path is highly sensitive as it contains all environment variables of the running process, which typically include secrets, API keys, and configuration data.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8). Ingestion points: The {SSH_TARGET} variable in SKILL.md. Boundary markers: None identified. Capability inventory: The skill uses the Bash tool to perform network operations (ssh) and container operations (docker exec). Sanitization: No sanitization or validation of the {SSH_TARGET} input is performed.
- [CREDENTIALS_UNSAFE]: The skill hardcodes a specific 'Default' server IP (124.158.103.16) and username (felix). Hardcoding infrastructure details in a public skill is risky and can be used for unauthorized access or data collection.
Audit Metadata