tailscale-file-transfer
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- Data Exfiltration (HIGH): The play method allows the agent to read arbitrary files specified by file_path and send them to a recipient via the Tailscale network. There are no documented constraints or whitelists for file access, enabling the potential exfiltration of sensitive user data.
- Prompt Injection (HIGH): The skill provides a high-privilege capability that can be triggered by external inputs. Mandatory Evidence Chain:
  1. Ingestion points: play method arguments in SKILL.md.
  2. Boundary markers: Absent.
  3. Capability inventory: File reading and network operations.
  4. Sanitization: Absent; no validation of the file_path or recipient is described.
- Command Execution (MEDIUM): Integration with the Codex system implies a runtime environment where code is self-rewriting or dynamically generated. This increases the severity of potential prompt injection attacks, as the agent could be manipulated into generating and executing malicious code.
- Metadata Poisoning (LOW): The skill uses deceptive markers like 'Status: Ready' and claims of 100% test coverage to build unearned trust. These self-referential safety claims are disregarded per analysis protocols.
Recommendations
- AI detected serious security threats
Audit Metadata