domain-hunter

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • CREDENTIALS_UNSAFE (HIGH): The file references/spaceship-api.md directs the agent to read ~/.zshrc to extract SPACESHIP_API_KEY and SPACESHIP_API_SECRET. Accessing shell configuration files to retrieve credentials is a high-risk pattern that exposes the user's environment and other potentially sensitive secrets stored in the same file.
  • DATA_EXFILTRATION (HIGH): The skill extracts credentials from a sensitive local file and transmits them to spaceship.dev via curl. While this is intended for API authentication, the combination of sensitive file access and network transmission to a non-whitelisted domain constitutes a high-risk data flow.
  • PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8). It ingests untrusted data from Twitter and Reddit search results in Step 3 and incorporates it into the agent's context without sanitization or boundary markers.
    • Ingestion points: search results from search_tweets.py and search_posts.py.
    • Boundary markers: Absent.
    • Capability inventory: whois, curl, open, and shell execution.
    • Sanitization: None mentioned in the workflow.
  • COMMAND_EXECUTION (MEDIUM): The skill utilizes shell commands such as whois, grep, and open, and executes local Python scripts from relative paths. This reliance on the shell increases the attack surface if inputs like domain names or search queries are maliciously crafted.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 04:42 PM