Bun HTTP Server

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION] (HIGH): The static file server example in SKILL.md contains a path traversal vulnerability. Evidence: The code const filePath = `./public${url.pathname.replace("/static", "")}`; uses unsanitized user input from url.pathname to construct a file system path. Risk: Attackers can use sequences like ../ to escape the ./public directory and read any file the process has permissions to access, such as .env files or SSH keys.
  • [PROMPT_INJECTION] (LOW): The skill demonstrates patterns that expose an indirect prompt injection surface. Ingestion points: req.json(), req.formData(), req.headers, and req.url in SKILL.md take untrusted data from network requests. Boundary markers: Absent; no delimiters or warnings are used when processing request data. Capability inventory: The skill utilizes Bun.file which provides file system read capabilities. Sanitization: Absent; the examples show direct processing of request properties without validation, escaping, or path normalization.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 06:06 PM