catsharp-sonification

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, REMOTE_CODE_EXECUTION
Full Analysis
  • COMMAND_EXECUTION (MEDIUM): The skill invokes the play command from the sox suite using subprocess wrappers in Python (subprocess.run), Julia (run), and Babashka (shell). While the provided code snippets use argument lists, which mitigate basic shell injection, the skill's 'tool algebra' features are designed to process output from external tools (e.g., exa, deepwiki), creating a vulnerability if those outputs contain malicious payloads that are not properly sanitized before being passed to the shell environment.
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill relies on unverified external dependencies including the sox utility (installed via flox) and the Gay.jl Julia package. These sources are not within the trusted repository scope, increasing the risk of supply chain attacks or the execution of untrusted code during the environment setup phase.
  • PROMPT_INJECTION (MEDIUM): The skill includes a 'Metairony' mode that explicitly instructs the AI agent to perform 'deliberate transgression' and 'heresy' against defined constraints. This use of adversarial-style language is a known pattern for attempting to bypass safety filters and override system instructions, even if currently presented in a musical context.
  • REMOTE_CODE_EXECUTION (LOW): The skill includes local HTML files (metairony.html, hydra-grok.html) intended to be opened in a browser. While these are local files, they execute JavaScript in the user's browser context, which could potentially be used for client-side attacks or to access local data if the files are maliciously crafted.
  • DATA_EXPOSURE (LOW): The 'Metairony' documentation refers to logic in which the agent performs multiple 'read' operations (e.g., read(-1) + read(-1) + read(-1)). If the skill's unshown implementation allows the reading of arbitrary local files to sonify their content, it presents a risk of sensitive data exposure.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 16, 2026, 12:48 PM