artifact-management

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM
CREDENTIALS_UNSAFE, COMMAND_EXECUTION
Full Analysis
  • CREDENTIALS_UNSAFE (LOW): Hardcoded dummy credentials detected in documentation.
      Evidence: references/ARTIFACT_GUIDE.md contains admin:pass in a curl example for Nexus upload.
  • COMMAND_EXECUTION (MEDIUM): Shell script allows for potential command injection through unvalidated input.
      Evidence: scripts/artifact_cleanup.sh takes user-provided arguments ($DAYS) and interpolates them directly into a find command. If an attacker provides a value like "30; rm -rf /", the shell will execute the injected command after the find operation.
  • DATA_EXPOSURE (LOW): The artifact_config.yaml file exposes internal naming conventions and infrastructure addresses (e.g., nexus.example.com). This is generally acceptable for templates but noted for environment awareness.
Audit Metadata
  Risk Level: MEDIUM
  Analyzed: Feb 16, 2026, 05:17 AM