The Agent Skills Directory

COMMAND_EXECUTION (HIGH): The execution steps in SKILL.md demonstrate the construction of shell commands using user-provided input fields such as "invoice_description". Direct interpolation of these fields into a single-quoted shell string for the "refly" CLI enables arbitrary command execution if an attacker provides inputs containing shell metacharacters.
Ingestion points: Untrusted user input via the "customer_name", "customer_email", and "invoice_description" fields defined in SKILL.md.
Boundary markers: Absent; inputs are directly embedded into the shell command string.
Capability inventory: Execution of shell commands via the "refly" CLI, which triggers external payment and billing workflows.
Sanitization: Absent; no escaping of shell metacharacters is required or implemented in the skill instructions.
EXTERNAL_DOWNLOADS (MEDIUM): The skill requires the installation of an opaque package ID ("skp-mfyz61qqatnfv05xj9nruiom") and executes a workflow on a third-party platform ("refly.ai") via a specific workflow ID. The logic within these remote components is not transparent, and the author ("chizblank") is not a trusted source.

stripe