bash-linux
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Categories: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [CREDENTIALS_UNSAFE] (HIGH): The skill documents 'env' and 'printenv' patterns. Executing these commands dumps all environment variables into the agent's context, which is a common source of sensitive API keys, tokens, and database credentials.
- [COMMAND_EXECUTION] (HIGH): The skill explicitly authorizes the 'Bash' tool and provides complex script templates, including process termination ('kill -9') and system information gathering ('ifconfig', 'ps aux'). This gives the agent extensive control over the underlying host.
- [DATA_EXFILTRATION] (MEDIUM): Multiple 'curl' patterns are included, such as POSTing JSON data to external URLs. This provides a direct mechanism for an agent to send sensitive local data to an attacker-controlled endpoint.
- [PROMPT_INJECTION] (HIGH): This skill creates a Tier HIGH indirect prompt injection surface (Category 8). Ingestion points: Any external file, log, or code the agent processes using these patterns. Boundary markers: Absent from all provided templates. Capability inventory: Full shell execution, network access, and file modification. Sanitization: The skill lacks any guidance or patterns for sanitizing or escaping untrusted data before it is interpolated into shell commands.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill includes patterns for downloading files via 'curl -O' from untrusted sources like 'example.com', which could be used to fetch and execute malicious payloads.
Recommendations
- AI detected serious security threats
Audit Metadata