The Agent Skills Directory

[CREDENTIALS_UNSAFE]: The Python script scripts/agent.py utilizes command-line arguments to accept an Active Directory administrative password via the --password flag. This practice is inherently insecure as command-line arguments are often visible to all users on a multi-user system through process monitoring tools and are typically recorded in shell history files.
[PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests data from an external environment (Active Directory) and processes it without adequate security controls.
Ingestion points: The script scripts/agent.py retrieves object attributes such as sAMAccountName, cn, and memberOf from an Active Directory server via LDAP.
Boundary markers: The script does not utilize delimiters or specific instructions to isolate external data from the agent's logic, making it difficult for the agent to distinguish between data and potential malicious instructions.
Capability inventory: The script possesses file-writing capabilities through the --output argument and produces output to the standard console.
Sanitization: No sanitization, escaping, or schema validation is performed on the attributes retrieved from the directory service before they are printed or saved to a file.

configuring-active-directory-tiered-model