code-audit

Fail

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The script references/core/audit.sh automatically attempts to install the pyyaml Python package with pip install if it is not found. This happens silently (-q) and without version constraints, introducing a potential supply chain risk during the skill's execution.
  • [COMMAND_EXECUTION]: The skill frequently executes shell commands via the Bash tool to run auditing logic and setup scripts. This includes the execution of audit.sh and the provided Python engine security_controls_engine.py.
  • [EXTERNAL_DOWNLOADS]: The skill's Docker setup documentation (references/core/docker_verification.md) provides instructions to download and execute scripts from external sources, such as sh.rustup.rs and dot.net, using the high-risk curl | sh pattern. Although these originate from well-known technology organizations, the method of execution is a significant security concern.
  • [PROMPT_INJECTION]: The agent.md file contains instructions designed to override the agent's default operational boundaries, directing it to use an aggressive 'GO SUPER HARD' scanning posture and to exhaustively iterate through all attack vectors.
  • [DATA_EXFILTRATION]: Multiple reference files, including references/languages/java_practical.md and references/core/poc_generation.md, contain hardcoded references to DNS logging domains such as dnslog.cn. These services are commonly used for data exfiltration during Out-of-Band (OOB) vulnerability testing. While legitimate for auditing, they represent a potential leak path for sensitive data if the agent executes these payloads against real environments.
  • [SAFE]: The automated scanner's identification of sh.rustup.rs as a botnet URL is confirmed as a false positive, as it is the official installation service for the Rust programming language.
Recommendations
  • Contains 3 malicious URL(s) - DO NOT USE
Audit Metadata
  • Risk Level: CRITICAL
  • Analyzed: Mar 2, 2026, 07:08 AM