sorcha-ui

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • Data Exposure & Exfiltration (HIGH): The skill documentation contains hardcoded plaintext credentials (admin@sorcha.local / Dev_Pass_2025!) intended for a local Docker environment. Hardcoding secrets within a skill is a high-risk practice as it exposes credentials to any user or system interacting with the instructions.
  • Unverifiable Dependencies & Remote Code Execution (LOW): The skill instructions include the use of the Bash tool to execute docker-compose up -d and dotnet test. These are standard development operations but represent an active execution surface that could be exploited if the agent is directed to run modified or malicious versions of these commands.
  • Indirect Prompt Injection (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it processes user-provided requirements to generate and modify source code and tests.
      • Ingestion points: Generation and editing of .razor pages and .cs test files based on user prompts.
      • Boundary markers: There are no markers or instructions defined to prevent the agent from obeying instructions embedded in the data it is processing.
      • Capability inventory: The skill has permission to Write and Edit files and execute Bash commands, providing a significant impact path.
      • Sanitization: No validation or sanitization mechanisms are specified for handling external input before it is written into executable project files.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 09:14 PM