skills/spm1001/claude-suite/sprite/Gen Agent Trust Hub

sprite

Fail

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: HIGH

Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (HIGH): The setup guide in references/setup.md instructs users to execute `curl -LsSf https://astral.sh/uv/install.sh | sh`. Piped execution of remote scripts is a critical risk, as the content can be modified by an attacker or intercepted.
  • REMOTE_CODE_EXECUTION (HIGH): The skill recommends cloning a repository from a personal account (spm1001/claude-config) and immediately running a setup script (./scripts/setup-machine.sh). This allows arbitrary code execution on the sprite from an unverified source.
  • COMMAND_EXECUTION (MEDIUM): The `sprite exec` and `sprite console` commands allow arbitrary command execution on remote VMs. While functional for the skill's purpose, this provides a powerful primitive for potential abuse.
  • CREDENTIALS_UNSAFE (MEDIUM): The test-outer-inner.sh script and troubleshooting documentation facilitate passing sensitive credentials like CLAUDE_CODE_OAUTH_TOKEN and SPRITE_TOKEN via environment variables and CLI arguments, which can be exposed in process lists, shell history, and logs.
  • PROMPT_INJECTION (LOW): The 'OuterClaude/InnerClaude' pattern creates an indirect prompt injection surface where the primary agent (OuterClaude) processes output from a nested agent (InnerClaude).
    • Ingestion points: Output captured from tmux pipe-pane or `script` commands as described in test-outer-inner.sh and troubleshooting.md.
    • Boundary markers: None present to distinguish InnerClaude output from system instructions.
    • Capability inventory: The sprite CLI allows full shell execution and file system access on the Sprite.
    • Sanitization: None present; output is captured and grepped without validation or escaping.
  • PERSISTENCE (MEDIUM): Setup scripts modify ~/.bashrc to establish persistent environment configurations across sessions.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 21, 2026, 03:24 PM