domain-hunter

Warn

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: MEDIUM
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The file references/spaceship-api.md contains instructions for the agent to extract SPACESHIP_API_KEY and SPACESHIP_API_SECRET from the user's ~/.zshrc file using shell commands (grep and cut).
  • [COMMAND_EXECUTION]: The skill instructions and documentation include the execution of various shell commands:
    • whois queries to check domain availability in SKILL.md and the example usage.
    • python scripts/domain_checker.py to perform bulk availability checks.
    • curl operations in references/spaceship-api.md to interact with the Spaceship API for registration, DNS management, and account operations.
  • [DATA_EXFILTRATION]: The skill is configured to read local credentials from shell configuration files and transmit them to an external endpoint (https://spaceship.dev/api). While this is functional for the intended use case (API interaction), it follows a pattern of local secret harvesting and remote transmission.
  • [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection through Step 3 (Find Promo Codes) in SKILL.md.
    • Ingestion points: The skill uses WebSearch to fetch content from x.com and reddit.com (e.g., searching for promo codes and coupons).
    • Boundary markers: The instructions lack explicit delimiters or warnings to ignore instructions embedded within the search results.
    • Capability inventory: The skill has the capability to execute shell commands (whois), perform network operations (curl), and open URLs (open).
    • Sanitization: There is no evidence of sanitization for the search result content before it is processed by the agent.
    • Risk: An attacker could post a malicious "promo code" on social media that contains instructions to exfiltrate data or execute dangerous commands if interpreted by the agent.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: May 10, 2026, 03:14 AM