flow-hybrid-search

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Findings: DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • DATA_EXFILTRATION (HIGH): The script scripts/run-flow-hybrid-search.sh is vulnerable to data exfiltration. It accepts a --data argument that specifies a file path, and subsequently uses curl --data @"${DATA_FILE}" to send the file's content to a remote URL. Since an agent can be manipulated via prompt injection to provide sensitive paths (e.g., ~/.ssh/id_rsa or .env), this script facilitates the unauthorized transmission of private local data. Furthermore, the --base-url parameter allows an attacker to redirect this data to an arbitrary server.
  • COMMAND_EXECUTION (LOW): The skill relies on the execution of a local bash script. While the script implements some best practices (e.g., set -euo pipefail and file existence checks), the pattern of passing unvalidated user-controlled parameters directly into network commands like curl is inherently risky for an AI agent.
  • PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection (Category 8). It takes user-controlled queries and filters, which are then processed by a remote LLM-powered edge function for "query rewriting".
    ◦ Ingestion points: The query and filter fields in the JSON payload submitted by scripts/run-flow-hybrid-search.sh.
    ◦ Boundary markers: None detected; instructions in references/prompts.md do not include delimiters or specific escape logic for the rewritten content.
    ◦ Capability inventory: The skill possesses network capabilities (curl) to transmit data based on the processed output.
    ◦ Sanitization: No sanitization or validation of the input query is performed before transmission to the remote service.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 06:41 PM