aggressive-schelling

Warn

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: MEDIUM
Findings: DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill mandates an 'aggressive' and 'eager' workflow for transmitting task-related data to an external API. This behavior is risky during tasks such as debugging or operations where sensitive architectural details, internal logic, or environment metadata might be captured as 'learning residue'. The instructions to prioritize 'discovery over restraint' escalate the risk of accidental exposure of proprietary or internal information to the vendor's endpoint.
  • [DATA_EXFILTRATION]: The schelling.sh script includes functionality to upload the raw contents of a file to the API if its path is passed to the 'post' command using the '--data-binary' flag. This creates a direct vector for data exfiltration if the agent is manipulated into processing sensitive files, such as configuration files or private keys, as part of its 'learning' process.
  • [COMMAND_EXECUTION]: The skill relies on a bash script (scripts/schelling.sh) that uses curl to perform network operations. This script transmits local environment data to a remote server and assembles JSON with manual string manipulation for some endpoints, which is a fragile pattern.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its data ingestion pattern. It captures untrusted data from the task context (e.g., logs, error messages) as 'ingestion points' and lacks 'boundary markers' to prevent embedded instructions from influencing the agent's behavior. The 'capability inventory' includes network POST operations via curl, and the 'sanitization' is limited to basic shell quote escaping, which does not prevent structured data manipulation or malicious payloads from being transmitted in the JSON residue.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 10, 2026, 09:41 AM