apisix-adc

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: CRITICAL | REMOTE_CODE_EXECUTION | CREDENTIALS_UNSAFE | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS
Full Analysis
  • Remote Code Execution (CRITICAL): The documentation in SKILL.md and references/adc-commands.md explicitly instructs the agent to install the ADC tool using curl -sL "https://run.api7.ai/adc/install" | sh. This 'pipe to shell' pattern from an untrusted source is a severe security risk that allows for arbitrary code execution.
  • Credentials Unsafe (HIGH): The file SKILL.md and references/adc-commands.md contain a hardcoded authentication token: ADC_TOKEN=edd1c9f034335f136f87ad84b625c8f1. Hardcoding secrets in skill files makes them vulnerable to exposure and misuse.
  • Command Execution (HIGH): The skill relies on executing multiple shell commands (adc ping, adc sync, adc diff, adc lint) and environment variable manipulation, which could be exploited if user input is not properly sanitized.
  • Data Exposure (MEDIUM): The skill manages APISIX resources including ssls (certificates and private keys). The schema in references/configuration-schema.md shows placeholders for -----BEGIN RSA PRIVATE KEY-----, indicating that sensitive cryptographic material is intended to be processed in plain text within the workspace.
  • Indirect Prompt Injection (LOW):
    • Ingestion points: User descriptions of API requirements are used to generate or update adc.yaml files.
    • Boundary markers: None identified. There are no delimiters or instructions to prevent the agent from obeying instructions embedded in user-provided data.
    • Capability inventory: The skill has the capability to write files and execute commands that modify network infrastructure via the APISIX Admin API.
    • Sanitization: The scripts/validate-yaml.sh script only validates YAML syntax and basic APISIX schema; it does not sanitize against malicious payloads or injection attempts.
Recommendations
  • HIGH: Downloads and executes remote code from: https://run.api7.ai/adc/install - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
  • Risk Level: CRITICAL
  • Analyzed: Feb 17, 2026, 06:20 PM