opper-cli

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Risk categories: CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • Privilege Escalation (HIGH): The installation instructions for macOS ARM64 suggest using sudo curl to download a binary directly into /usr/local/bin and sudo chmod to make it executable. This grants the installation process and the resulting binary elevated system permissions.
  • External Downloads & Remote Code Execution (HIGH): The skill directs users to download and execute pre-compiled binaries from a non-whitelisted GitHub organization (opper-ai). Executing unverified binaries from external sources poses a significant risk of remote code execution.
  • Indirect Prompt Injection (HIGH):
      • Ingestion points: The opper call and opper functions chat commands ingest data directly from command-line arguments and stdin pipes in SKILL.md.
      • Boundary markers: No boundary markers or delimiters are used to separate user-provided data from system instructions.
      • Capability inventory: The CLI possesses capabilities to modify knowledge base indexes, register models, and execute traces, as documented in the Commands Overview.
      • Sanitization: There is no evidence of input sanitization or validation of the data being passed to the AI functions, making it vulnerable to malicious instructions embedded in input data.
  • Credentials Unsafe (MEDIUM): The opper models create command example shows an API key being passed as a raw command-line argument. This is a poor security practice as it leaves sensitive credentials in the user's shell history (e.g., ~/.bash_history) and process metadata.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 10:34 AM