osquery-query-helper

Fail

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: HIGH [COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/extract-table.sh is vulnerable to command injection via the $TABLE_NAME variable. The script performs direct shell interpolation of the variable into an awk command string: awk '/..."'"$TABLE_NAME"'"/ ...'. A malicious user can provide a table name like "); system("id"); / to break out of the intended regex and execute arbitrary shell commands.
  • [COMMAND_EXECUTION]: The script scripts/detect-format.sh is vulnerable to command injection as it uses the $SCHEMA_FILE argument in a shell expansion without proper sanitization or validation, allowing an attacker to execute commands via shell metacharacters.
  • [PROMPT_INJECTION]: The skill provides an attack surface for indirect prompt injection by accepting untrusted user-supplied strings and using them as arguments for shell-based tools.
      • Ingestion points: User-provided table names and search keywords used in the workflow steps.
      • Boundary markers: No delimiters or instructions to ignore embedded commands are present in the skill guidelines.
      • Capability inventory: Execution of bash, awk, and grep on the local filesystem.
      • Sanitization: No validation, escaping, or sanitization logic is implemented in the shell scripts or the agent's instructions.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 1, 2026, 09:55 PM