The Agent Skills Directory

[COMMAND_EXECUTION]: Arbitrary Code Injection via Unsanitized Arguments. The system.sh script uses unquoted bash heredocs (<< PYEOF) to generate and execute Python code. User-supplied arguments for --path, --filter, --user, and --top are interpolated directly into the Python source text without sanitization. An attacker can provide crafted inputs (e.g., containing quotes or shell substitutions) to break out of the intended Python string context and execute arbitrary Python or shell commands on the host system.\n- [DATA_EXFILTRATION]: Credential and Secret Exposure. The env command retrieves and displays all environment variables. This poses a significant security risk as environment variables frequently contain sensitive secrets such as AWS_SECRET_ACCESS_KEY, STRIPE_API_KEY, and database connection strings. Providing a mechanism to dump these variables facilitates immediate credential theft.\n- [EXTERNAL_DOWNLOADS]: Third-Party Dependency. The script relies on the psutil library for data gathering. While it does not download the package automatically, it explicitly instructs the user to install it via pip, which introduces external code that must be verified for safety.

system-info