The Agent Skills Directory

[Indirect Prompt Injection] (MEDIUM): The skill implements a reverse proxy that handles untrusted external HTTP requests and forwards them to backends, creating a vulnerability surface where external data can influence internal network operations.\n
Ingestion points: The skill uses Router::with_path("{**rest}") (SKILL.md) to capture all incoming request paths and data.\n
Boundary markers: No delimiters or instructions are provided to the agent or the application to distinguish between untrusted user data and proxy control logic.\n
Capability inventory: The skill utilizes salvo::proxy::Proxy for network forwarding and reqwest for automated health checks against backend servers (SKILL.md).\n
Sanitization: The provided examples forward request headers and paths directly to backend services without validation, sanitization, or filtering.\n- [Data Exposure & Exfiltration] (SAFE): The skill does not contain hardcoded credentials, API keys, or patterns for accessing sensitive local system files like ~/.ssh or .env. Network activity is limited to the proxy's stated purpose of forwarding requests.\n- [Remote Code Execution] (SAFE): There are no patterns involving the download and execution of remote scripts, nor any use of dynamic code execution functions like eval or exec.\n- [Privilege Escalation] (SAFE): The code does not use sudo, modify system-wide configurations, or attempt to escalate process privileges.\n- [Best Practice Note] (LOW): The examples use TcpListener::new("0.0.0.0:8080") which binds to all network interfaces, and Cors::permissive(), which allows any origin to access the proxy. These settings are common in development examples but should be restricted in production environments to prevent unauthorized access.

salvo-proxy