The Agent Skills Directory

Data Exposure & Exfiltration (MEDIUM): Scripts folders.sh and advisor.sh read local file contents and transmit them to the Nia API at apigcp.trynia.ai. The folders.sh script specifically uses find and cat to ingest the contents of entire local directories.
Dangerous Capability (MEDIUM): The folders.sh script provides from-db and preview-db commands that accept raw database connection strings. If an agent is manipulated, this could be used to exfiltrate data from internal databases to the remote API.
Credential Access (MEDIUM): The scripts/lib.sh script reads from the sensitive file path ~/.config/nia/api_key. While necessary for the skill's authentication, it constitutes access to a local credential store.
Indirect Prompt Injection (LOW): The skill retrieves and indexes data from untrusted sources, including the public web (search.sh), GitHub repositories (repos.sh), and research papers (papers.sh). Evidence: 1. Ingestion points: scripts/search.sh, scripts/repos.sh, scripts/papers.sh. 2. Boundary markers: Absent in the bash client scripts. 3. Capability: Scripts use curl to send data to a remote API that likely processes it with an LLM. 4. Sanitization: No local sanitization of retrieved external content is performed.
External Downloads (LOW): The README.md recommends running npx nia-wizard@latest, which downloads and executes remote code from the npm registry as part of the setup process.

Nia