The Agent Skills Directory

[REMOTE_CODE_EXECUTION]: The skill documentation includes commands that pipe network data directly into the Python interpreter using "curl -s ... | python -m json.tool". While "json.tool" is a safe, standard module for formatting, this architecture pattern is sensitive because it relies on the integrity of the local server response. Automated scans identified this as a potential RCE vector if the "-m json.tool" flag is omitted or bypassed.- [COMMAND_EXECUTION]: The skill utilizes the "curl" command to perform GET and DELETE operations against a local Smello server. These operations are essential for the skill's primary function of HTTP traffic inspection.- [PROMPT_INJECTION]: As a debugging tool that summarizes captured HTTP traffic, the skill is vulnerable to indirect prompt injection. Malicious instructions contained within the headers or bodies of captured requests could potentially influence the agent's summary or subsequent actions.
Ingestion points: Captured request and response data retrieved from "http://localhost:5110/api/requests".
Boundary markers: The skill does not define specific delimiters or instructions to ignore embedded commands within the captured data.
Capability inventory: Access to "Bash" (curl), allowing it to make further network requests based on analyzed data.
Sanitization: No explicit sanitization or filtering of captured HTTP content is described before the summary stage.- [EXTERNAL_DOWNLOADS]: The skill references resources from the "smelloscope" GitHub organization and container registry ("ghcr.io/smelloscope/smello"). These are official vendor resources related to the skill's author and are documented neutrally.

http-debugger