The Agent Skills Directory

Indirect Prompt Injection (HIGH): The skill's primary purpose is to capture external data (HTTP payloads) and feed it to the agent via the log command, creating a significant injection surface.
Ingestion points: The runServer function in recorder-cli.js captures any incoming data via req.on('data') on the configured port.
Boundary markers: No delimiters or warnings are used when printing logs; the agent receives raw data from external sources.
Capability inventory: The skill allows the agent to execute shell commands via Bash(node recorder-cli.js), creating a high-privilege execution environment for any instructions parsed from the logs.
Sanitization: There is no sanitization, escaping, or validation of the recorded payloads before they are output to the terminal.
Persistence Mechanism (HIGH): The skill uses pm2 (a process manager) to daemonize the HTTP service (start command). This allows the process to persist in the background independently of the agent session.
Data Exposure (HIGH): The runServer function calls server.listen(port) without specifying a host (like 127.0.0.1). In Node.js, this defaults to listening on all interfaces (0.0.0.0 or ::), exposing the captured data and the log endpoint (/_logs) to anyone on the local network.
External Dependencies (MEDIUM): The skill relies on the pm2 package. While pm2 is a common tool, its installation and usage for background persistence should be reviewed to ensure it aligns with the host's security policy.

request-recorder