tailscale-policy-manager

Warn

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill ships and documents three bash scripts (validate-policy.sh, apply-policy.sh, get-policy.sh) that call the Tailscale API through curl and python3. The scripts read sensitive credentials from the environment (TS_API_KEY, TS_OAUTH_SECRET) to manage network policy, so anything that can influence what the agent runs can also reach those secrets.
  • [EXTERNAL_DOWNLOADS]: The skill depends on two external resources, the tailscale/gitops-acl-action GitHub Action and the hujsonfmt tool. Both originate from Tailscale's official GitHub repositories, a well-known service provider, which is why this finding is informational rather than a blocker.
  • [DATA_EXFILTRATION]: The .claude/settings.local.json file grants WebFetch permission for several third-party domains that are on no allowlist, including blog.gripdev.xyz, heywoodlh.io, and dev.l1qu1d.net. In a skill that handles network security configuration and API credentials, outbound access to unrelated personal domains is a potential exfiltration channel.
  • [PROMPT_INJECTION]: The skill is exposed to indirect prompt injection (Category 8) because its configuration lets the agent ingest data from untrusted sources via WebFetch to those third-party domains. The ingestion points in .claude/settings.local.json carry no boundary markers or sanitization, and the skill holds significant capabilities (bash execution, Tailscale API access) that could be abused if malicious instructions were retrieved from one of those sites.
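The DATA_EXFILTRATION and PROMPT_INJECTION findings both reduce to one check a reviewer can automate: list the domains a settings file grants WebFetch access to, compare them against the domains the skill actually needs, and note whether shell execution is also granted, since fetched content only becomes command execution when the agent can run commands. The script below is an added example written for this page, not code from the skill or from Gen Agent Trust Hub. The settings sample is constructed: the three flagged domains are the ones the report names, while the tailscale.com/github.com entries, the Bash rules and the EXPECTED_DOMAINS allowlist are assumptions for the example.

```python
import json
import re
from typing import Iterable

# Constructed sample of a .claude/settings.local.json, modelled on the file the
# audit describes. The three third-party domains are those named in the report;
# the Tailscale/GitHub entries and the Bash rules are assumptions for this example.
SAMPLE_SETTINGS = """
{
  "permissions": {
    "allow": [
      "Bash(./scripts/validate-policy.sh:*)",
      "Bash(./scripts/apply-policy.sh:*)",
      "WebFetch(domain:tailscale.com)",
      "WebFetch(domain:pkgs.tailscale.com)",
      "WebFetch(domain:github.com)",
      "WebFetch(domain:blog.gripdev.xyz)",
      "WebFetch(domain:heywoodlh.io)",
      "WebFetch(domain:dev.l1qu1d.net)"
    ]
  }
}
"""

# Domains this skill plausibly needs (assumed allowlist; subdomains are accepted).
EXPECTED_DOMAINS = frozenset({"tailscale.com", "github.com"})

_WEBFETCH_RULE = re.compile(r"^WebFetch\(domain:([^)\s]+)\)$")


def load_settings(text: str) -> dict:
    """Parse the settings JSON (no HuJSON here; Claude settings are plain JSON)."""
    return json.loads(text)


def _allow_rules(settings: dict) -> list[str]:
    return [r.strip() for r in settings.get("permissions", {}).get("allow", [])]


def _webfetch_domain(rule: str):
    """Domain from a WebFetch(domain:...) rule, or None for any other rule."""
    m = _WEBFETCH_RULE.match(rule)
    return m.group(1).lower() if m else None


def _is_expected(domain: str, expected: set[str]) -> bool:
    return domain in expected or any(domain.endswith("." + e) for e in expected)


def unexpected_webfetch(settings: dict, expected: Iterable[str] = EXPECTED_DOMAINS) -> list[str]:
    """WebFetch domains that are neither an expected domain nor a subdomain of one."""
    exp = {e.lower() for e in expected}
    domains = (_webfetch_domain(r) for r in _allow_rules(settings))
    return [d for d in domains if d is not None and not _is_expected(d, exp)]


def grants_shell(settings: dict) -> bool:
    """True if any allow rule grants Bash execution."""
    return any(r.startswith("Bash(") for r in _allow_rules(settings))


def audit(text: str, expected: Iterable[str] = EXPECTED_DOMAINS) -> dict:
    """Summarise the two findings and whether they chain into command execution."""
    settings = load_settings(text)
    bad = unexpected_webfetch(settings, expected)
    shell = grants_shell(settings)
    return {
        "unexpected_webfetch": bad,
        "shell_execution": shell,
        # Untrusted fetched content is only a path to command execution when the
        # same agent is also allowed to run commands.
        "indirect_injection_to_exec": bool(bad) and shell,
    }


def tightened(text: str, expected: Iterable[str] = EXPECTED_DOMAINS) -> dict:
    """Copy of the settings with the unexpected WebFetch rules removed."""
    settings = load_settings(text)
    bad = set(unexpected_webfetch(settings, expected))
    kept = [r for r in _allow_rules(settings) if _webfetch_domain(r) not in bad]
    fixed = json.loads(json.dumps(settings))  # deep copy
    fixed.setdefault("permissions", {})["allow"] = kept
    return fixed


if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_SETTINGS), indent=2))
    print(json.dumps(tightened(SAMPLE_SETTINGS), indent=2))
```

Run against the sample, the audit flags the three personal domains, notes that Bash is also allowed, and therefore marks the injection-to-execution chain as reachable; the tightened output keeps the Bash rules and the Tailscale/GitHub fetches and drops everything else. The allowlist is the judgement call a reviewer has to make per skill; the script only makes the gap visible.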
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 11, 2026, 07:16 PM