The Agent Skills Directory

[REMOTE_CODE_EXECUTION]: The file 'references/act/act.sh' facilitates remote code execution by using 'curl' to download an architecture-specific binary from an Azure Blob storage URL ('https://actbin.blob.core.windows.net/act-bin/conformance_${arch}') and executing it directly with 'exec'. Additionally, 'SKILL.md' and 'references/act/README.md' encourage the high-risk pattern of piping a remote script to shell via 'curl ... | bash'.\n- [EXTERNAL_DOWNLOADS]: The skill fetches executable content and testing tools from domains not included in the trusted list, such as 'raw.githubusercontent.com/sine-fdn' and 'actbin.blob.core.windows.net'.\n- [CREDENTIALS_UNSAFE]: Multiple sets of hardcoded 'client_id' and 'client_secret' pairs for the iLEAP Demo API (e.g., 'hello'/'pathfinder', 'transport_service_user'/'ileap') are present in 'references/ileap-extension/pilot-testing/README.md'.\n- [COMMAND_EXECUTION]: The 'references/act/act.sh' script executes system commands to modify file permissions ('chmod +x') and perform binary execution ('exec'), which poses a risk when combined with unverified downloads.\n- [PROMPT_INJECTION]: Vulnerability surface for indirect prompt injection detected:\n * Ingestion points: The skill instructs the agent to fetch logistics emissions data from external API endpoints ('/2/footprints' and '/2/ileap/tad') as described in 'SKILL.md'.\n * Boundary markers: The instructions do not define delimiters or provide warnings to ignore instructions that might be embedded in the retrieved JSON data.\n * Capability inventory: The agent is equipped to perform network operations and execute testing binaries as part of the conformance workflow.\n * Sanitization: No requirements or mechanisms for validating or sanitizing the external data before processing are specified.

ileap