The Agent Skills Directory

[COMMAND_EXECUTION]: The set command logic in SKILL.md contains a shell command injection vulnerability. The script parses user-supplied arguments into KEY and VALUE variables, then uses them inside double-quoted strings within a jq command. Because these variables are expanded within double quotes by the bash shell, any command substitution syntax (such as $(...) or backticks) included in the user input will be executed by the shell before the jq command is run. This allows an attacker to execute arbitrary system commands with the privileges of the agent process.

settings