tesseract

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Flags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • Unverifiable Dependencies & Remote Code Execution (MEDIUM): The skill performs a git pull from an untrusted GitHub repository (yousufjoyian/tesseract) and subsequently executes npm run dev. This creates a path for remote code execution if the repository content is malicious. Severity is downgraded to MEDIUM as this behavior is the primary intended purpose of the skill.
  • Privilege Escalation (LOW): The troubleshooting documentation suggests the use of sudo for Tailscale management. While not part of the automated scripts, providing instructions for high-privilege commands increases the security risk surface.
  • Data Exposure & Exfiltration (LOW): The skill retrieves the local Tailscale IP address and reveals hardcoded local file paths (/home/yousuf/local_workspaces/tesseract). This information is exposed to the agent output.
  • Indirect Prompt Injection (LOW): The skill ingests untrusted data from an external repository and lacks sanitization or boundary markers.
      ◦ Ingestion points: git pull in SKILL.md.
      ◦ Boundary markers: Absent.
      ◦ Capability inventory: Shell command execution via npm and git.
      ◦ Sanitization: Absent.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 06:31 PM