The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill requests the global installation of the korail2 and pycryptodome Python packages via pip install if they are missing from the environment.
[COMMAND_EXECUTION]: The skill executes shell commands using sops exec-env to run a local helper script scripts/ktx_booking.py. This process involves interpolating user-provided data directly into the command line.
Ingestion points: Untrusted user input such as station names, dates, times, and train identifiers (e.g., 서울, 20260328, <train_id>) are placed into shell command arguments in SKILL.md.
Boundary markers: There are no explicit boundary markers or instructions to sanitize or escape these inputs before they are included in the shell execution string.
Capability inventory: The script being executed has the capability to perform network requests to Korail APIs and access decrypted secrets (ID and password).
Sanitization: The instructions do not define any sanitization or validation logic, relying entirely on the agent's internal safety filters.
[DATA_EXFILTRATION]: The skill accesses sensitive local files, specifically ~/.config/k-skill/secrets.env and ~/.config/k-skill/age/keys.txt. This access is a core part of the skill's documented security workflow for managing encrypted credentials using sops and age keys.

ktx-booking