The Agent Skills Directory

[COMMAND_EXECUTION]: The shell scripts (search.sh, departures.sh, route.sh, and disruptions.sh) use unsafe string interpolation to build curl commands. Specifically, they use a quoting pattern ('"$VAR"') to insert user-provided variables into a JSON payload for the -d (data) flag.
Evidence: In search.sh, the line "loc": {"name": "'"$QUERY"'"} allows a malicious input containing single quotes to break out of the shell's single-quoted string.
This enables an attacker, via indirect prompt injection, to append arbitrary curl arguments such as --config, --upload-file, or -o to the command execution environment.
[DATA_EXFILTRATION]: The argument injection vulnerability in the curl commands presents a risk of data exfiltration.
An attacker could potentially inject flags like --data-binary @/path/to/sensitive/file to send local system files (e.g., .ssh/id_rsa, .env, or .aws/credentials) to the remote transit API or a third-party server.
[EXTERNAL_DOWNLOADS]: The skill communicates with an external API at https://vao.demo.hafas.de/gate to fetch transit data. This is a well-known service endpoint for the HAFAS (Hacon Fahrplan-Auskunfts-System) used by Austrian public transport providers.

anachb