
apple-container

Fail

Audited by Gen Agent Trust Hub on Apr 5, 2026

Risk Level: HIGH

Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The `container system kernel set --tar <url>` command enables downloading and installing a Linux kernel from any remote URL. This allows for the execution of untrusted code at a deep system level if a malicious URL is provided.
  • [DATA_EXFILTRATION]: The `--ssh` option in the `container run` command mounts the host's SSH authentication socket (SSH_AUTH_SOCK) into the container environment. This creates a significant risk where a malicious container image could access, use, or exfiltrate the user's host SSH keys.
  • [COMMAND_EXECUTION]: The skill requires the agent to execute commands with elevated privileges, specifically using sudo for DNS configuration and managing system services via launchd.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the download of external content, including container images from public registries and kernel binaries from remote repositories, which may not be verified for integrity.
  • [PROMPT_INJECTION]: The skill metadata uses branding ('Apple's native container runtime') that deceptively implies official status. This form of metadata poisoning could mislead the agent or user regarding the skill's authority and safety, given it is authored by an unaffiliated third party.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 5, 2026, 09:21 AM