The Agent Skills Directory

COMMAND_EXECUTION (MEDIUM): Multiple shell scripts (arrivals.sh, departures.sh, search-station.sh, trip.sh) construct JSON payloads for curl by concatenating shell variables directly into the JSON string (e.g., '"$STATION"'). This allows an attacker to inject malicious JSON fields to manipulate the API request, although it does not directly lead to shell command execution due to double-quoting of the variable expansion.
CREDENTIALS_UNSAFE (LOW): The skill hardcodes an aid (Access ID) "OWDL4fE4ixNiPBBm" in SKILL.md and all bash scripts. While this is a known public ID used by the ÖBB web application, hardcoding authentication tokens is a poor security practice.
PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8).
Ingestion points: Fetches untrusted data (station names, directions, and disruption alerts) from the ÖBB HAFAS API in all five scripts.
Boundary markers: Absent; the raw or filtered API output is passed directly to the agent context.
Capability inventory: Includes network operations via curl and structured data processing via jq.
Sanitization: disruptions.sh performs basic HTML tag stripping using jq, but no other scripts sanitize the API response content.

oebb-scotty