fastapi-deployment-config

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): In scripts/build-docker.sh, the script constructs a command string from several variables derived from user-provided arguments and executes it using eval "$BUILD_CMD".
      • Evidence: Line 136 in scripts/build-docker.sh executes eval "$BUILD_CMD", where BUILD_CMD includes the $TAG and $PLATFORM variables.
      • Risk: If an attacker can influence the image tag or platform arguments (e.g., by providing a value like mytag; rm -rf /), they could achieve arbitrary command execution on the host machine running the skill.
  • [PROMPT_INJECTION] (HIGH): The scripts/health-check.sh script is vulnerable to indirect prompt injection (Category 8).
      • Ingestion points: The script accepts a user-provided URL and fetches its content using curl (Line 183).
      • Boundary markers: No boundary markers or instructions are provided to the agent to ignore potentially malicious content within the response.
      • Capability inventory: The skill has access to Bash, Write permissions, and Docker, providing a high-privilege environment for an attacker to exploit.
      • Sanitization: While json.load is used for parsing, the subsequent logic checks for specific fields (status, database, cache) and prints their values into the agent's context. A malicious server could return crafted JSON designed to manipulate the agent's behavior or misrepresent the deployment's security state.
  • [DATA_EXFILTRATION] (LOW): The scripts/health-check.sh utility can be used to send HTTP requests to arbitrary external URLs. While this is the intended purpose, it could be abused for SSRF (Server-Side Request Forgery) if the agent is tricked into targeting internal infrastructure.
  • [DYNAMIC_EXECUTION] (MEDIUM): The skill frequently employs dynamic execution patterns, such as using python3 -c to execute small code snippets for JSON processing (e.g., scripts/health-check.sh Line 213) and the previously mentioned eval usage. While common in utility scripts, these increase the potential impact of any injection vulnerability.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 05:42 AM