The Agent Skills Directory

[COMMAND_EXECUTION]: The verify_ca_deployed method in scripts/agent.py is vulnerable to command injection. It uses Python f-strings to interpolate the internal_ca_cn variable—which is derived from command-line arguments—directly into a PowerShell command string passed to subprocess.run. A malicious user could provide a crafted CA name (e.g., using semicolons or backticks) to execute arbitrary commands on the host system.
Evidence (scripts/agent.py): subprocess.run(["powershell", "-NoProfile", "-Command", f'Get-ChildItem Cert:\\LocalMachine\\Root | Where-Object {{$_.Subject -like "*{self.internal_ca_cn}*"}} ...']).
[COMMAND_EXECUTION]: The skill documentation in SKILL.md instructs users to perform high-privilege operations, such as using sudo security add-trusted-cert on macOS or Import-Certificate in PowerShell. These operations modify the system's Root Trust Store, which is a sensitive security configuration that should only be altered with verified and trusted certificates.

performing-ssl-tls-inspection-configuration