zenmux-usage

Warn

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, CREDENTIALS_UNSAFE)
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to construct shell commands by directly interpolating user-provided input (the generation ID) into a curl URL string: curl -s "https://zenmux.ai/api/v1/management/generation?id=<generation_id>". This pattern is vulnerable to command injection if the agent does not sanitize the input, as a malicious user could provide an ID containing shell metacharacters (e.g., ;, &&, or backticks) to execute arbitrary code on the host system.
  • [CREDENTIALS_UNSAFE]: The instructions guide the agent to collect a sensitive Management API Key from the user and append it in plaintext to the user's shell profile (~/.zshrc) using export ZENMUX_MANAGEMENT_KEY="<key>". Storing secrets in plaintext within shell startup scripts is an insecure practice that increases the risk of credential exposure to other processes or users with access to the filesystem.
  • [PERSISTENCE_MECHANISMS]: The skill explicitly automates the modification of persistent system configuration files (~/.zshrc) to store environment variables, which can be used to maintain access or modify shell behavior across sessions.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 7, 2026, 12:46 AM