sister-portfolio
Fail
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The refresh_all_tags function in portfolio.sh contains a command injection vulnerability. It reads stock data from a JSON file and interpolates it directly into a shell execution string via Python's subprocess.run(['bash', '-c', ...]). Additionally, the add_stock_to_tag_db function uses sed to update a text file without escaping the input, which can be manipulated to execute arbitrary commands or corrupt the file system.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface where untrusted data (stock names and codes) is used in high-privilege operations.
  1. Ingestion points: Data enters via the add-watch and add-position commands in portfolio.sh.
  2. Boundary markers: Absent; data is stored in JSON and retrieved for shell interpolation without any delimiters or 'ignore' instructions.
  3. Capability inventory: The skill has the ability to execute shell commands, write to the filesystem, and modify the system crontab (setup-cron.sh).
  4. Sanitization: Absent; there is no validation or escaping of the input strings before they are used in shell or Python contexts.
- [REMOTE_CODE_EXECUTION]: The unsanitized interpolation of user-controlled variables into shell commands allows for the execution of arbitrary code. This can be triggered if the agent is instructed to process a stock with a malicious name from an untrusted external source, leading to local code execution.
Recommendations
- AI detected serious security threats
Audit Metadata