NYC

act-local-testing

Fail

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: HIGH
Tags: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE
Full Analysis
  • Remote Code Execution & External Downloads (CRITICAL/HIGH): The skill instructs the user to install software using the "curl | sudo bash" pattern, specifically `curl -s https://raw.githubusercontent.com/nektos/act/master/install.sh | sudo bash`. This fetches a script from a non-whitelisted repository over the network and executes it with root privileges on the host machine, with no integrity check (checksum or signature) on the downloaded content before it runs.
  • Privilege Escalation (HIGH): The documentation includes several commands that require or modify root privileges, such as sudo bash for installation and sudo usermod -aG docker $USER to modify user groups. These actions can lead to unintended privilege escalation or system instability.
  • Credentials Management (MEDIUM): The skill provides instructions for managing sensitive data using .secrets and .env files. While it includes best practices (e.g., adding these to .gitignore), it explicitly handles high-value secrets like GITHUB_TOKEN, AWS_ACCESS_KEY_ID, and AWS_SECRET_ACCESS_KEY in plain text files.
  • Indirect Prompt Injection (LOW): The skill provides a surface for indirect prompt injection (Category 8).
      ◦ Ingestion points: The skill reads and processes GitHub Actions workflow files (.github/workflows/*.yml) and configuration files (.actrc).
      ◦ Boundary markers: None are specified to separate workflow instructions from agent instructions.
      ◦ Capability inventory: The skill uses Bash, Write, and Edit tools, allowing it to execute arbitrary commands through the act CLI.
      ◦ Sanitization: No sanitization of the contents of the workflow files or environment variables is mentioned, meaning malicious instructions in a repo could influence the agent's behavior during local testing.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 18, 2026, 07:21 PM