skills/openclaw/skills/virtualbox/Gen Agent Trust Hub

virtualbox

Warn

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The utility script scripts/virtualbox-utils.ts is vulnerable to shell command injection via child_process.exec. Evidence: The vboxCommand function and others like startVM, createVM, and takeSnapshot assemble command strings by interpolating variables (e.g., vmName, diskPath) directly into strings that are then executed in a shell. Although the script wraps these variables in double quotes, it does not escape double-quote characters within the inputs themselves. An attacker-controlled string such as \" && malicious_command && \" could bypass the quoting and execute arbitrary commands on the host system.
  • [PROMPT_INJECTION]: The skill exhibits a significant surface for indirect prompt injection (Category 8) due to its handling of untrusted data in security-sensitive operations.
      1. Ingestion points: VM names, paths, and descriptions provided via the vmName, options.name, diskPath, and snapshotName arguments across all functions in scripts/virtualbox-utils.ts.
      2. Boundary markers: Absent; there are no delimiters or instructions to help the model distinguish between metadata and executable instructions.
      3. Capability inventory: The skill has broad capabilities including VM lifecycle management, network configuration, and host-to-guest command execution via guestcontrol.
      4. Sanitization: Absent; the script performs no validation or escaping of shell-active characters before executing commands.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 26, 2026, 04:15 PM