The Agent Skills Directory

[DATA_EXFILTRATION]: The scripts/test_api_auth.py script retrieves sensitive tokens from Doppler and transmits them to a user-defined API URL using urllib.request. This pattern directly enables credential exfiltration if the target URL is redirected to an attacker-controlled server.
[COMMAND_EXECUTION]: The test_env_injection function in scripts/validate_secret.py executes a Python command via python3 -c using an unsanitized f-string interpolation for the secret_name variable. This allows for arbitrary code execution within the Python interpreter if a malicious secret name (e.g., containing double quotes and system commands) is processed.
[COMMAND_EXECUTION]: The token validation workflow in SKILL.md instructs the user to execute python3 -c with a TOKEN_VALUE placeholder. This instruction is highly susceptible to command injection if the token itself contains malicious Python syntax designed to break out of the string literal.
[COMMAND_EXECUTION]: Both bundled scripts (scripts/test_api_auth.py and scripts/validate_secret.py) make extensive use of subprocess.run to interact with the Doppler CLI. While they use list-based arguments, the lack of input validation on variables like project, config, and secret_name increases the attack surface for command manipulation.

doppler-secret-validation