hvs-skill-buddy

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFE
REMOTE_CODE_EXECUTION · COMMAND_EXECUTION · PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The references/technology-registry.md file includes an installation command for Maestro that pipes a remote script directly into a shell (curl -Ls "https://get.maestro.mobile.dev" | bash). Although mobile.dev is a recognized service in the mobile testing industry, this method involves executing unverified code from a remote source.
  • [COMMAND_EXECUTION]: The Audit Mode in SKILL.md utilizes shell commands such as wc, ls, and basename within a loop that iterates over directory structures in /mnt/skills/user/. These commands operate on file paths that could be influenced by external content.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because its core functionality involves ingesting and analyzing untrusted SKILL.md files from a shared library directory.
      * Ingestion points: The skill reads the contents of SKILL.md files located in /mnt/skills/user/*/.
      * Boundary markers: There are no explicit delimiters or instructions to the agent to disregard commands or instructions found within the audited files.
      * Capability inventory: The skill possesses the capability to execute shell commands, run Python scripts, and copy files to output directories.
      * Sanitization: The audit-skills.py script uses regular expressions for pattern matching but does not perform sanitization or escaping of the ingested text before it is processed by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 16, 2026, 01:14 PM