picocom

Warn

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The serial_helper.py script implements a monitor_mode feature that accepts a --trigger-script command-line argument. The argument is passed straight to subprocess.run(trigger_script, shell=True), so /bin/sh interprets it, including any metacharacters it contains (;, &&, $(...)). Whoever controls the value of --trigger-script, whether a user, a wrapper script or a prompt-injected instruction, gets arbitrary command execution on the host machine where the agent is executing.
  • [PROMPT_INJECTION]: The skill documentation and examples include instructions and patterns for destructive actions, such as rm -rf /, chmod 777, and modifying boot arguments to gain a root shell. Although these are intended for the target IoT device, their presence in the agent's context creates a prompt-injection surface: the agent might be induced to execute the same commands on its own environment rather than on the device.
  • [DATA_EXFILTRATION]: The skill is designed to capture and log all traffic from a serial device (e.g., /dev/ttyUSB0), which typically contains sensitive information such as passwords, cryptographic keys, and internal configurations. The serial_helper.py script writes this data to files in the /tmp/ directory by default. /tmp is shared with every local user and process; a log created there with the process's default umask is typically world-readable, and a predictable file name can also be pre-created or symlinked by another local user before the capture starts.
  • [EXTERNAL_DOWNLOADS]: The SKILL.md instructions recommend installing the pyserial package and mention using tools like curl and wget to interact with remote APIs or download scripts, representing an external dependency surface.
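The following is an added example, not code from the picocom skill or from serial_helper.py, showing hardened counterparts to the COMMAND_EXECUTION and DATA_EXFILTRATION findings above: the trigger string is parsed into argv and pinned to an allowlisted directory instead of being handed to a shell, and the capture log is created in a private directory with owner-only permissions instead of a predictable name under /tmp. The directory /opt/serial-triggers, the SERIAL_MATCH environment variable and all function names are assumptions made for illustration.

```python
"""Hardened counterparts to the two serial_helper.py weaknesses the audit names.

Added example, not code from the picocom skill. ALLOWED_TRIGGER_DIR, the
SERIAL_MATCH variable and the function names are assumptions for illustration.
"""
import os
import shlex
import subprocess
import tempfile

# --- COMMAND_EXECUTION -----------------------------------------------------
# Weak form, as the audit describes it:
#     subprocess.run(trigger_script, shell=True)
# A value such as 'notify.sh; rm -rf ~' runs both commands in the host shell.
# The hardened form parses the string into argv, requires the executable to
# live in an allowlisted directory, and never invokes a shell.

ALLOWED_TRIGGER_DIR = "/opt/serial-triggers"  # assumed policy directory


def validate_trigger(trigger_script, allowed_dir=ALLOWED_TRIGGER_DIR):
    """Return argv for the trigger, or raise ValueError if it is not an allowlisted executable."""
    argv = shlex.split(trigger_script)
    if not argv:
        raise ValueError("empty trigger")
    # realpath() collapses '..' and symlinks, so '/opt/serial-triggers/../../bin/sh'
    # resolves to the real shell binary and is rejected like any other outside path.
    exe = os.path.realpath(argv[0])
    if os.path.dirname(exe) != os.path.realpath(allowed_dir):
        raise ValueError(f"trigger executable outside {allowed_dir}: {argv[0]!r}")
    return argv


def trigger_is_allowed(trigger_script, allowed_dir=ALLOWED_TRIGGER_DIR):
    """Boolean wrapper around validate_trigger for policy checks."""
    try:
        validate_trigger(trigger_script, allowed_dir)
        return True
    except ValueError:
        return False


def run_trigger(trigger_script, matched_line, allowed_dir=ALLOWED_TRIGGER_DIR, timeout=30):
    """Run the trigger with shell=False; the matching serial line goes in via the environment."""
    argv = validate_trigger(trigger_script, allowed_dir)
    # Minimal environment: no inherited secrets, and the (attacker-influenced)
    # serial data never becomes part of a command string.
    env = {"PATH": "/usr/bin:/bin", "SERIAL_MATCH": matched_line}
    return subprocess.run(argv, shell=False, env=env, timeout=timeout,
                          capture_output=True, text=True)


# --- DATA_EXFILTRATION -----------------------------------------------------
# Weak form: a predictable, typically world-readable file such as /tmp/serial.log.
# Hardened form: a fresh mode-0700 directory and a mode-0600 file opened with
# O_EXCL, so a pre-planted file or symlink at a guessable name is never followed.

def open_log(prefix="serial-capture-"):
    """Create a private capture log and return (fd, path)."""
    log_dir = tempfile.mkdtemp(prefix=prefix)                  # created 0o700
    path = os.path.join(log_dir, "capture.log")
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_APPEND
    fd = os.open(path, flags, 0o600)                             # owner-only
    return fd, path


def capture_to_log(lines, prefix="serial-capture-"):
    """Write serial lines to a private log and return its path."""
    fd, path = open_log(prefix)
    with os.fdopen(fd, "w") as log:
        for line in lines:
            log.write(line + "\n")
    return path


def log_permissions(path):
    """Return (directory mode, file mode) as permission bits, for checking the result."""
    return (os.stat(os.path.dirname(path)).st_mode & 0o777,
            os.stat(path).st_mode & 0o777)


def read_log(path):
    """Read the captured lines back (owner only can do this)."""
    with open(path) as log:
        return log.read().splitlines()


if __name__ == "__main__":
    # Constructed sample of serial console output, not real device traffic.
    sample = ["U-Boot 2020.04", "login: admin", "Password: hunter2"]
    print("log written to", capture_to_log(sample))
    for trigger in ("/opt/serial-triggers/notify.sh --fast", "notify.sh; rm -rf ~"):
        print(trigger, "->", "allowed" if trigger_is_allowed(trigger) else "rejected")
```

The trigger check still relies on the allowlisted directory being writable only by root; if the agent's own user can drop a script there, the allowlist adds nothing. The log directory is private to the capturing user, but the captured passwords and keys are still on disk in clear, so the skill should also document where the capture ends up and how long it is retained.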
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 16, 2026, 07:25 AM
Security Audit — agent-trust-hub — picocom