The Agent Skills Directory

Persistence Mechanisms (MEDIUM): The skill provides specific instructions for configuring persistence via launchd (~~/Library/LaunchAgents/) and systemd (~~/.config/systemd/user/). While these are core features for a daemon, persistence is a high-risk behavior that can be used to maintain unauthorized access.
Privilege Escalation (MEDIUM): The documentation suggests using sudo tee to modify system kernel parameters (inotify limits), which involves executing commands with administrative privileges.
Indirect Prompt Injection (LOW): Evidence Chain: 1. Ingestion points: The skill scans and indexes project source files (SKILL.md). 2. Boundary markers: No delimiters or ignore instructions are specified for the indexed content. 3. Capability inventory: The daemon performs file system reads and transmits data to external embedding providers. 4. Sanitization: No sanitization or validation of the indexed code content is mentioned.
Data Exfiltration (LOW): The skill transmits code embeddings to external providers such as OpenAI. While this is the intended purpose of the tool, it involves sending project content to non-whitelisted third-party domains.

grepai-watch-daemon