The Agent Skills Directory

[COMMAND_EXECUTION]: The 'unifi.py' script includes a 'raw' command that permits the agent to execute arbitrary HTTP methods (GET, POST, PUT, DELETE) against any UniFi controller API endpoint. This capability provides an unrestricted path to modify network configurations or access sensitive data beyond the scope of predefined tools.
[COMMAND_EXECUTION]: The 'wlan-qr' command allows the agent to write a file to the local filesystem with a user-specified filename via the '--output' flag. This could be exploited to overwrite existing files or write malicious content to sensitive locations if the agent has sufficient permissions.
[COMMAND_EXECUTION]: The script explicitly disables SSL certificate verification ('ssl_context=False') and uses an unsafe cookie jar configuration. This makes the connection to the UniFi controller vulnerable to Man-in-the-Middle (MitM) attacks, potentially exposing administrative credentials or allowing command interception.
[DATA_EXFILTRATION]: Commands such as 'sysinfo', 'health', 'devices', and 'clients' expose detailed network topology, hardware metadata, and connected client information. Furthermore, the 'events' command allows real-time monitoring of network activity. This data is highly sensitive and could be used for reconnaissance or exfiltrated if the agent is compromised.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It ingests untrusted data from the UniFi controller (e.g., client hostnames, device names, voucher notes) and includes it in the agent's context without sanitization or boundary markers. An attacker who can influence these values (e.g., by joining the network with a specifically named device) could potentially manipulate the agent's subsequent actions.
[SAFE]: The skill correctly uses environment variables for credential management and relies on well-known third-party libraries like 'aiounifi' and 'aiohttp'.

ez-unifi