ai-automation-workflows
Fail
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]: The Quick Start section contains a command that fetches a shell script from 'https://cli.inference.sh' and pipes it directly into the shell ('| sh'). This execution pattern allows for arbitrary remote code execution on the user's system without prior inspection or verification of the script content.
- [COMMAND_EXECUTION]: The skill provides templates for establishing persistence and scheduled execution through the 'crontab -e' command. It also includes scripts that execute arbitrary shell commands to manage files and process data.
- [DATA_EXFILTRATION]: The 'monitored_workflow.sh' template demonstrates sending command outputs and potential error messages to a user-defined external webhook ('https://your-webhook.com/alert'). If these outputs contain sensitive data processed by the AI, this mechanism serves as an exfiltration vector.
- [PROMPT_INJECTION]: Multiple scripts are vulnerable to indirect prompt injection because they interpolate untrusted external data into model prompts.
  - Ingestion points: 'data_processing.sh' reads raw file content using 'cat'; 'conditional_workflow.sh' accepts direct command-line arguments; 'content_pipeline.sh' uses research results as prompt input.
  - Boundary markers: No delimiters or instructions to ignore embedded commands are present in the templates.
  - Capability inventory: The skill uses the 'Bash' tool and the 'infsh' CLI to execute operations.
  - Sanitization: There is no evidence of input validation or escaping for the interpolated variables.
- [EXTERNAL_DOWNLOADS]: The skill references several external skills to be added via 'npx skills add', which downloads code from the 'inference-sh/skills' repository, introducing unverified third-party dependencies into the agent's environment.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata