server-deploy
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFE
Flagged categories: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads installation scripts and binaries from well-known technology providers, including NodeSource (Node.js), Rustup (Rust), Docker (Official), and Go.dev (Go). It also fetches SSL root certificates from Cloudflare's official developer site.
- [REMOTE_CODE_EXECUTION]: Runtime environments are installed by piping remote scripts directly to shell interpreters (e.g., `curl | bash` or `curl | sh`). While these sources are official and well-known, this practice is a standard deployment pattern that involves executing remote code on the target server.
- [COMMAND_EXECUTION]: The skill makes extensive use of Bash to manage the remote server. This includes sensitive operations such as modifying SSH authorized keys, installing system packages via `apt-get`, creating `systemd` services, and configuring Nginx sites.
- [CREDENTIALS_UNSAFE]: The skill manages SSH access by reading local public keys (`id_rsa.pub` or `id_ed25519.pub`). It also provides instructions for using `sshpass` with plaintext passwords to bootstrap SSH access, which could potentially leave credentials in the local shell history.
- [DATA_EXFILTRATION]: Local project files and configuration data are transferred to the remote server using `rsync`. This is the primary function of the skill and is performed over an encrypted SSH tunnel.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it parses information (like ports and build scripts) from untrusted project files such as `package.json`, `requirements.txt`, and source code files without explicit sanitization or boundary markers.
Audit Metadata