NYC

linux-commands-guide

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The skill metadata explicitly allows Bash(cmd:*), granting the agent the ability to execute any shell command without restriction. This violates the principle of least privilege.
  • [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to indirect prompt injection because it processes untrusted user input while holding high-privilege tool access. Ingestion points: Processes user requests via triggers such as "linux guide" and "linux" as defined in SKILL.md. Boundary markers: Absent; there are no delimiters or instructions to ignore embedded commands within user requests. Capability inventory: Includes Bash(cmd:*), Write, and Edit, which allows for full system control and file modification. Sanitization: Absent; the skill does not include logic to validate or filter commands before they are executed via the Bash tool.
  • [DATA_EXFILTRATION] (MEDIUM): While not explicitly coded, the unrestricted Bash access permits an attacker to utilize system utilities like curl or netcat to exfiltrate sensitive files accessed via the Read or Grep tools.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 08:29 AM