production-deployment

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Tags: COMMAND_EXECUTION, DATA_EXFILTRATION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS
Full Analysis
  • [Privilege Escalation] (HIGH): In scripts/rollback.sh, the --deployment-id argument is used to construct the BACKUP_PATH variable without any sanitization or path validation. An attacker could use path traversal sequences (e.g., ../../) to point the backup source to a directory they control, allowing them to overwrite the application's .env or config/production.json files with malicious content.
  • [Unverifiable Dependencies & Remote Code Execution] (MEDIUM): The scripts/validate-config.sh script takes a --config-file parameter which is passed directly to python3 -m json.tool. This allows an attacker to perform unauthorized file existence checks and JSON validation on any file the agent has permissions to read.
  • [Data Exposure & Exfiltration] (MEDIUM): scripts/validate-config.sh transmits the ELEVENLABS_API_KEY to https://api.elevenlabs.io/v1/user. While this is intended for connectivity testing, the domain is not in the trusted whitelist, and the transmission of a production secret via a shell script is a security concern.
  • [External Downloads] (LOW): The use of curl in scripts/validate-config.sh to contact the ElevenLabs API is a functional requirement but is flagged as an external network operation. Per [TRUST-SCOPE-RULE], this is downgraded to LOW as it targets the expected service domain.
  • [Indirect Prompt Injection] (HIGH): This skill exposes a high-risk attack surface by processing untrusted command-line arguments that lead to file system writes (cp) and network operations (curl). Evidence: Ingestion points in CLI arguments; Boundary markers: Absent; Capability inventory: cp, curl, python3; Sanitization: Absent. The lack of validation makes the agent vulnerable to performing malicious actions when processing adversarial inputs.
  • [Credentials Unsafe] (MEDIUM): The scripts validate and manipulate the ELEVENLABS_API_KEY in plain text within shell environments, increasing the risk of exposure through process lists or log outputs.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 05:46 AM