The Agent Skills Directory

[REMOTE_CODE_EXECUTION]: The skill provides several installation commands for various tool suites (Marketing, Sales, Legal, Reputation, GEO/SEO) and a comprehensive 'install-all' command that fetch shell scripts from raw.githubusercontent.com and pipe them directly into bash. This method allows for arbitrary remote code execution without user verification of the script content. Specific URLs include: https://raw.githubusercontent.com/zubair-trabzada/ai-marketing-claude/main/install.sh, https://raw.githubusercontent.com/zubair-trabzada/ai-sales-claude/main/install.sh, https://raw.githubusercontent.com/zubair-trabzada/ai-legal-claude/main/install.sh, https://raw.githubusercontent.com/zubair-trabzada/ai-reputation-claude/main/install.sh, https://raw.githubusercontent.com/zubair-trabzada/geo-seo-claude/main/install.sh, and https://raw.githubusercontent.com/zubair-trabzada/ai-agency-claude/main/install-all.sh.
[COMMAND_EXECUTION]: The skill uses bash commands including 'test -f', 'find', and 'wc' to inspect the local filesystem, verify the presence of files, and count sub-skills within directories. While functional, this provides the agent with visibility into the user's directory structure.
[PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it reads and processes external files to determine version information. 1. Ingestion points: Reads 'VERSION', 'SKILL.md', 'package.json', and 'metadata.json' files from sub-directories in Step 3. 2. Boundary markers: None. 3. Capability inventory: The skill can execute local shell commands and provide remote code execution paths. 4. Sanitization: None observed.

agency-stack