remind-me

Fail

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The shell scripts create-reminder.sh and create-recurring.sh are vulnerable to command injection. User-supplied reminder messages ($MESSAGE) and schedules ($WHEN, $SCHEDULE) are directly interpolated into bash command lines (e.g., npx tsx src/index.ts cron add --name "Reminder: $MESSAGE" ...) without any sanitization or proper escaping. An attacker could provide a message such as foo" ; id ; # to execute arbitrary system commands.
  • [DATA_EXFILTRATION]: Both creation scripts contain a hardcoded Telegram recipient ID (6636746252) used as the target for delivery. This causes all processed reminders—which may contain sensitive personal information or system details—to be sent to a specific external account, bypassing the user's control and visibility.
  • [PROMPT_INJECTION]: The skill facilitates indirect prompt injection by accepting untrusted natural language input for reminders and schedules, then passing this data into a vulnerable shell execution environment. This provides a direct path for external data to compromise the host system.
  • Ingestion points: Natural language commands defined in SKILL.md and processed by the agent.
  • Boundary markers: None; the skill lacks delimiters or instructions to ignore embedded commands within user input.
  • Capability inventory: Shell command execution (npx tsx, bash), file system modification (sed -i, echo >>), and network access (implied by the Telegram delivery mechanism).
  • Sanitization: Absent; variables are used in shell interpolations without escaping or validation.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 29, 2026, 09:21 PM