adversarial-thinking

Warn

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION)
Full Analysis
  • [COMMAND_EXECUTION]: The bash script 'scripts/select-perspectives.sh' uses an unquoted heredoc ('cat << EOF') to output information. With an unquoted delimiter, the shell performs command substitution and variable expansion on the content of the block before passing it to 'cat'.
  • [REMOTE_CODE_EXECUTION]: The variables '$CONTEXT', '$SPECIFICS', and '$STAKES' in 'scripts/select-perspectives.sh' are derived from command-line arguments and expanded within the heredoc. Because the heredoc delimiter is unquoted, an attacker could provide malicious input such as '$(id)' or 'whoami' to trigger arbitrary command execution in the environment where the script is invoked.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 2, 2026, 04:28 PM