minio

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH
CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (HIGH): The skill instructs the agent to download an executable binary from an untrusted external source. Evidence: curl -O https://dl.min.io/client/mc/release/linux-amd64/mc. The domain dl.min.io is not included in the [TRUST-SCOPE-RULE] whitelist of trusted sources.
  • COMMAND_EXECUTION (HIGH): The skill executes unverified binaries and uses elevated privileges for system installation. Evidence: chmod +x mc && sudo mv mc /usr/local/bin/ in SKILL.md. This constitutes unverified binary execution with privilege escalation.
  • CREDENTIALS_UNSAFE (HIGH): The skill contains hardcoded access and secret keys for the public MinIO Play sandbox. Evidence: MINIO_ACCESS_KEY="Q3AM3UQ867SPQQA43P2F" and MINIO_SECRET_KEY="zuf+tfteSlswRu7BJ86wekitnifILbZam1KYY3TG".
  • DATA_EXFILTRATION (MEDIUM): The skill provides extensive tools for local-to-remote file transfers, which can be leveraged for data exfiltration. Evidence: mc cp /path/to/file.txt myminio/my-bucket/ and curl-based upload scripts.
  • PROMPT_INJECTION (HIGH): The skill has a significant surface for indirect prompt injection (Category 8) because it ingests untrusted data from remote buckets while possessing command execution capabilities.
      • Ingestion points: mc cp myminio/my-bucket/file.txt /local/path/ and mc mirror operations.
      • Boundary markers: None present to delimit or warn about untrusted content.
      • Capability inventory: High-risk capabilities including mc, curl, and bash -c subprocess execution.
      • Sanitization: No sanitization or validation of downloaded content identified.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 15, 2026, 10:01 PM