agent-security-audit

Warn

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: MEDIUM

Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes bash scripts (honeypot_response, safe_fetch, memory-guard.sh) that attempt to write data directly to system-level log directories such as /var/log/security.log and /var/log/fetch.log. Writing to these locations typically requires elevated privileges and can be an indicator of attempts to bypass standard logging or perform unauthorized file system modifications.
  • [EXTERNAL_DOWNLOADS]: The safe_fetch.sh script uses curl to retrieve content from arbitrary URLs provided at runtime. This behavior allows the agent to communicate with any external domain, posing a risk of data leakage or retrieval of malicious content if the URL source is not strictly controlled or whitelisted.
  • [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection.
    ● Ingestion points: Untrusted data enters the context via the curl command in safe_fetch.sh (SKILL.md).
    ● Boundary markers: The script attempts to use delimiters (=== EXTERNAL CONTENT START ===) to isolate external content.
    ● Capability inventory: The skill uses curl for network access and sed/grep for file processing, along with writing to /tmp and /var/log/ (SKILL.md).
    ● Sanitization: A sanitize_content function is provided to remove common injection markers like HTML comments and zero-width characters, but manual sanitization logic is often incomplete and subject to bypass by sophisticated payloads.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 6, 2026, 06:13 AM