The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill mandates fetching content from a remote GitHub Gist (ID: 84a5c108d5742c850704a5088a3f4cbf) at the beginning of every session using the gh gist view command.\n- [PROMPT_INJECTION]: The skill includes a 'Step 0' that forces the agent to read and apply instructions from an external, mutable source (the Gist). This is an indirect prompt injection vector, as the agent is told to 'Apply every relevant pitfall' to its work, allowing the Gist owner to influence the agent's actions remotely.\n- [DATA_EXFILTRATION]: The skill utilizes the gh gist edit command to allow the agent to upload data to a remote Gist. If the agent is influenced by malicious instructions from the Gist, this mechanism could be used to exfiltrate sensitive code or project data.\n- [COMMAND_EXECUTION]: The skill performs multiple shell operations including find, cp, xcodegen, and xcodebuild to manipulate the project environment and execute code.\n- [REMOTE_CODE_EXECUTION]: The skill triggers the execution of UI tests via xcodebuild test. Because the agent is instructed to write and implement real code based on potentially remote instructions, this represents a risk of arbitrary code execution on the host machine.\n- [PRIVILEGE_ESCALATION]: The skill explicitly directs the agent to disable the macOS app sandbox (ENABLE_APP_SANDBOX: "NO") and remove sandbox entitlements in the project configuration, which weakens the system's security boundaries for the application being tested.

journey-builder