platform-api

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
  • EXTERNAL_DOWNLOADS (HIGH): The scripts/download-schema.sh script downloads an OpenAPI schema from a URL constructed using the $REGION variable. Because the Genesys Cloud domains are not in the defined Trusted External Sources list, the download is considered high-risk. Interpolating https://api.${REGION}/... without validating $REGION lets a malicious user point the agent at an arbitrary domain and download a malicious JSON payload.
  • PROMPT_INJECTION (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8). It ingests a 19MB+ external schema.json file and is explicitly instructed to extract and display its summary and description fields in its response. Evidence: (1) Ingestion point: schema.json via download-schema.sh. (2) Boundary markers: none; data is placed directly into markdown templates. (3) Capability inventory: the agent has Bash and jq access. (4) Sanitization: none; external content is used verbatim. Malicious instructions inside the schema could trick the agent into performing unauthorized actions or leaking data.
  • REMOTE_CODE_EXECUTION (HIGH): The skill requires the agent to execute a bash script (download-schema.sh) that performs network requests and file writes. Running scripts that download and process external data is a high-severity risk if the source is not strictly verified and the environment is not isolated.
  • COMMAND_EXECUTION (MEDIUM): The jq query patterns in SKILL.md rely on the agent interpolating KEYWORD and METHOD into bash commands. If these inputs originate from untrusted users and are not properly escaped by the agent, they could lead to jq filter injection or shell command manipulation within the Bash(jq:*) tool context.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 10:56 PM