The Agent Skills Directory

[COMMAND_EXECUTION]: The search examples provided in the skill use bash command substitution $(curl ...) to iterate over files. This pattern is vulnerable to shell command injection if filenames on the local machine contain metacharacters such as semicolons, backticks, or spaces.\n- [COMMAND_EXECUTION]: The skill dynamically generates a JavaScript proxy file at /tmp/proxy.mjs and executes it using node.\n- [EXTERNAL_DOWNLOADS]: The skill installs the ws package from the public NPM registry at runtime via npm install ws.\n- [DATA_EXFILTRATION]: The skill is designed to facilitate the transfer of local filesystem data to a remote bridge server using secrets (COMPUTER_CONNECTOR_BRIDGE_TOKEN) and user-defined domains.\n- [REMOTE_CODE_EXECUTION]: Automated scans detected a pattern where output from the local WebDAV proxy is parsed and subsequently used in shell commands, which can lead to arbitrary code execution if the source data is manipulated.

vm0-computer