skills/openclaw/skills/bw-cli/Gen Agent Trust Hub

bw-cli

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH (CREDENTIALS_UNSAFE, DATA_EXFILTRATION, COMMAND_EXECUTION)

Full Analysis
  • [Credentials Unsafe] (HIGH): The reference documentation explicitly demonstrates passing sensitive credentials as plaintext command-line arguments, a practice that exposes secrets to the operating system's process list and shell history.
      • Evidence in references/commands.md: bw login [email] [password], bw unlock [password], and bw export --password <pw>.
  • [Data Exfiltration] (MEDIUM): The skill enables an agent to extract and send sensitive vault data to external locations.
      • Evidence in references/commands.md: The bw export --raw command outputs the entire vault contents to stdout, and the bw send command facilitates sending files or text to Bitwarden's cloud-sharing service.
  • [Command Execution] (LOW): The skill is designed to facilitate the execution of the bw binary on the host system, giving an agent control over vault management operations.
  • [Indirect Prompt Injection] (LOW): The skill allows an agent to ingest untrusted data from vault items which could contain malicious instructions.
      • Ingestion points: bw get, bw list, bw receive.
      • Boundary markers: None specified in documentation to prevent the agent from obeying instructions found inside vault notes.
      • Capability inventory: High (can delete items, edit vault content, and export data).
      • Sanitization: No mention of sanitizing vault content before processing.

Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 02:17 PM