The Agent Skills Directory

[CREDENTIALS_UNSAFE] (HIGH): A hardcoded Moodle API token (f8df006962c71b2468033bfcf5ed9ed5) was detected in src/fetch_my_courses.py and src/fetch_notifications.py. This token grants access to the user's Moodle account and should never be stored in source code.
[PROMPT_INJECTION] (HIGH): The skill is vulnerable to indirect prompt injection (Category 8).
Ingestion points: The system fetches arbitrary content from the Moodle API, including assignment descriptions, forum messages, and notifications in src/fetch_notifications.py and referenced fetching scripts.
Boundary markers: No boundary markers or delimiters are used to encapsulate untrusted data when it is presented to the agent.
Capability inventory: The skill possesses the ability to execute local commands via subprocess.run (in monitor.py) and modify local files.
Sanitization: While clean_html is used for terminal previews, the actual data stored and processed (e.g., the intro and message fields in src/clean_course_data.py) retains full HTML content, providing an injection vector for malicious course instructors or students.
[SSL_SECURITY] (MEDIUM): In src/fetch_my_courses.py and src/fetch_notifications.py, SSL verification is explicitly disabled (verify=False) and warnings are suppressed. This exposes the Moodle connection to Man-in-the-Middle (MitM) attacks, potentially allowing attackers to intercept the API token or modify course data.
[COMMAND_EXECUTION] (LOW): The orchestration script monitor.py and others use subprocess.run to execute internal Python scripts. While they use list-based arguments which mitigate shell injection, the reliance on runtime execution of local files increases the impact if the agent is compromised via indirect prompt injection.

monitor-moodle