agent-security-manager

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: A potential surface for indirect prompt injection was identified in the pre shell hook where the $TASK environment variable is ingested (SKILL.md). The implementation lacks boundary markers or explicit instructions to the agent to ignore embedded commands within the task name. The skill has inherent command execution capabilities through these hooks, and no sanitization or validation is performed on the variable before it is interpolated into the shell command.
  • [DATA_EXFILTRATION]: No unauthorized access to sensitive file paths or exfiltration of data to external domains was detected.
  • [REMOTE_CODE_EXECUTION]: The skill does not download external scripts or execute code from untrusted remote sources.
  • [COMMAND_EXECUTION]: Shell hooks are used for logging and protocol initialization; however, they rely on unvalidated environment variables, which increases the risk of unintended command execution if task names are maliciously crafted.
  • [SAFE]: The cryptographic implementations (Threshold Signatures, Zero-Knowledge Proofs) and security monitoring logic are provided as reference implementations and do not exhibit malicious patterns.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 1, 2026, 04:33 PM