Gen Agent Trust Hub: skills/szkocot/skills/zigbee2mqtt

zigbee2mqtt

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • REMOTE_CODE_EXECUTION (MEDIUM): The skill documents the zigbee2mqtt/bridge/request/converter/save MQTT command, which lets any client able to publish to that topic supply JavaScript source for a device converter. Zigbee2MQTT stores and loads that code inside its own process, so the command is a dynamic code-execution surface reachable over the MQTT interface with whatever privileges the Zigbee2MQTT service runs under. The practical control is on the broker side: require authentication and restrict publish rights on zigbee2mqtt/bridge/request/# to an administrative identity rather than to the agent's credentials.
  • COMMAND_EXECUTION (LOW): The troubleshooting and setup sections involve shell commands such as pnpm install, ls -la /dev/ttyUSB*, dmesg, and journalctl for adapter discovery and service debugging.
  • EXTERNAL_DOWNLOADS (LOW): The development guide suggests cloning the Zigbee2MQTT repository from GitHub for installation and testing.
  • PROMPT_INJECTION (LOW): The skill describes an interface that processes external, potentially untrusted data from MQTT brokers and Zigbee devices (Category 8). Evidence chain: 1. Ingestion points: MQTT topics and Zigbee clusters. 2. Boundary markers: no delimiters or safety warnings for payload content are mentioned. 3. Capability inventory: ability to control physical devices, manage the service, and write and execute code. 4. Sanitization: no specific sanitization or validation logic is provided in the documentation.
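The REMOTE_CODE_EXECUTION and capability-inventory findings above describe four classes of MQTT publish an agent with broker access can make: saving executable JavaScript, issuing bridge requests, writing device state, and plain telemetry. The following monitor, an added example written for this audit and not code from Zigbee2MQTT or the audited skill, classifies (topic, payload) pairs by that capability and, for the converter/save topic the audit cites, extracts the JavaScript and flags Node.js APIs a converter should never need. It assumes the default base topic "zigbee2mqtt"; the extension/save topic, the dangerous-API list and the sample traffic are assumptions and constructed data, not observations from the page.

```python
"""Classify Zigbee2MQTT MQTT publishes by the capability they exercise.

Added example for the audit above; not code from Zigbee2MQTT or the audited
skill. Assumes the default base topic "zigbee2mqtt". converter/save is the
topic the audit cites; extension/save is an assumption about the same class.
"""
import json
import re

BASE = "zigbee2mqtt"

# Topics that accept JavaScript source executed inside the Zigbee2MQTT process.
CODE_SAVE_TOPICS = {
    f"{BASE}/bridge/request/converter/save",   # cited in the audit
    f"{BASE}/bridge/request/extension/save",   # assumption: same command class
}
BRIDGE_REQUEST_PREFIX = f"{BASE}/bridge/request/"
SET_SUFFIX = "/set"

# Node.js capabilities a device converter has no business touching (assumed list).
DANGEROUS_JS = re.compile(
    r"require\s*\(\s*['\"](child_process|fs|net|http|https|os)['\"]\s*\)"
    r"|process\.env|eval\s*\(|new\s+Function\s*\("
)


def _parse_json(payload):
    """Return the payload as a dict, or None if it is not a JSON object."""
    try:
        obj = json.loads(payload)
    except (ValueError, TypeError):
        return None
    return obj if isinstance(obj, dict) else None


def classify(topic, payload):
    """Return one finding dict (topic, severity, category, detail) for a publish."""
    if topic in CODE_SAVE_TOPICS:
        body = _parse_json(payload)
        code = body.get("code") if body else None
        if not isinstance(code, str):
            detail = "non-JSON or missing 'code' field; request is malformed"
        else:
            hits = sorted({m.group(0) for m in DANGEROUS_JS.finditer(code)})
            detail = (f"saves {len(code)} bytes of JavaScript as "
                      f"{body.get('name', '?')}; dangerous APIs: {hits or 'none'}")
        return {"topic": topic, "severity": "critical",
                "category": "code_execution", "detail": detail}
    if topic.startswith(BRIDGE_REQUEST_PREFIX):
        return {"topic": topic, "severity": "high",
                "category": "service_management",
                "detail": "bridge request " + topic[len(BRIDGE_REQUEST_PREFIX):]}
    if topic.startswith(BASE + "/") and topic.endswith(SET_SUFFIX):
        return {"topic": topic, "severity": "medium",
                "category": "device_control",
                "detail": "writes device state " + topic[len(BASE) + 1:-len(SET_SUFFIX)]}
    return {"topic": topic, "severity": "info", "category": "telemetry",
            "detail": "state/report message"}


def scan(messages):
    """Classify (topic, payload) pairs; return findings, most severe first."""
    order = {"critical": 0, "high": 1, "medium": 2, "info": 3}
    return sorted((classify(t, p) for t, p in messages),
                  key=lambda f: order[f["severity"]])


# Constructed sample traffic (not captured from a real broker).
SAMPLE = [
    (f"{BASE}/living_room_lamp", '{"state":"ON","linkquality":120}'),
    (f"{BASE}/living_room_lamp/set", '{"state":"OFF"}'),
    (f"{BASE}/bridge/request/restart", ""),
    (f"{BASE}/bridge/request/converter/save",
     json.dumps({"name": "lamp.js",
                 "code": "const cp = require('child_process');\n"
                         "module.exports = [{zigbeeModel:['x'],"
                         "onEvent: () => cp.exec('id')}];"})),
    (f"{BASE}/bridge/request/converter/save", "not json"),
]

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f"{f['severity']:8} {f['category']:19} {f['topic']}: {f['detail']}")
```

Feed it live traffic by subscribing to the whole tree (for example `mosquitto_sub -v -t 'zigbee2mqtt/#'`) and splitting each line into topic and payload. The monitor is a detective control only: it sees the converter code after the broker has already accepted the publish, which is why the broker ACL on zigbee2mqtt/bridge/request/# remains the preventive control.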
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:30 PM