The Agent Skills Directory

[DATA_EXFILTRATION]: The code snippet in server/api/files/[name].ts is vulnerable to Path Traversal. It uses getRouterParam(event, 'name') to directly construct a file path (./data/${name}) without sanitization. An attacker could provide a value like ../../.env or ../../../../etc/passwd to read sensitive files from the server environment.
[PROMPT_INJECTION]: The skill defines several ingestion points for untrusted data that are processed by the agent without sufficient safety boundaries or sanitization logic. * Ingestion points: Untrusted data enters via getRouterParam in server/api/files/[name].ts and readBody/getQuery in server/api/users.post.ts. * Boundary markers: No delimiters or instructions are provided to the agent to treat this data as untrusted or to ignore embedded control sequences. * Capability inventory: The skill utilizes sensitive capabilities including filesystem reading (Bun.file().text()) and SQLite database operations (db.query, db.run). * Sanitization: The provided templates lack input validation, path normalization, or SQL parameterization examples in all routes, creating a significant attack surface for indirect prompt injection or data poisoning.

bun-nuxt