The Agent Skills Directory

REMOTE_CODE_EXECUTION / EXTERNAL_DOWNLOADS (HIGH): Multiple installation scripts execute unverified remote code with elevated privileges.
Evidence in make/scripts/install.sh: curl --proto '=https' --tlsv1.2 -sSf https://just.systems/install.sh | sudo bash -s -- --to /usr/local/bin.
Evidence in make/scripts/install.sh: sh -c "$(curl --location https://taskfile.dev/install.sh)" -- -d -b /usr/local/bin.
Evidence in docker/scripts/install.sh: curl -fsSL https://get.docker.com | sudo sh.
Evidence in package-managers/scripts/install.sh: Downloads and executes a PowerShell script via iex from https://community.chocolatey.org/install.ps1.
Note: While these follow official tool installation patterns, they lack hash verification and originate from non-whitelisted domains, maintaining a high severity per the analyzer guidelines.
COMMAND_EXECUTION (MEDIUM): Extensive use of sudo and system-level command execution throughout all installation helpers.
Evidence: Frequent use of sudo apt-get, sudo dnf, and sudo yum to modify system state and install software.
INDIRECT_PROMPT_INJECTION (LOW):
Ingestion points: The jq, yq, and regex sub-skills are designed to process untrusted external data (API responses, config files, web content).
Boundary markers: Absent. Instructions do not define specific delimiters to separate data from commands.
Capability inventory: High. The skill has access to shell execution, package management, and file system operations.
Sanitization: None detected. The skill relies on the underlying tools (jq, rg) to handle malicious payloads within data.
DATA_EXPOSURE (LOW): The ssh sub-skill accesses sensitive file paths.
Evidence in ssh/scripts/install.sh: Accesses ~/.ssh/id_ed25519 and modifies ~/.ssh/config. These actions are consistent with the skill's primary purpose and do not include exfiltration patterns.

tools