autocli-web-scraping
Fail
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill's primary installation method involves piping a remote shell script directly from an untrusted personal GitHub repository (nashsu/autocli) to the system shell (curl -fsSL ... | sh). This allows for arbitrary code execution with the user's current permissions without any integrity verification.
- [EXTERNAL_DOWNLOADS]: The skill facilitates the download of binary executables and scripts from an unverified third-party GitHub repository. These downloads lack version pinning or cryptographic signatures, making the system vulnerable to supply chain attacks or malicious updates at the source.
- [COMMAND_EXECUTION]: The skill documentation encourages the use of sudo to move third-party binaries into system-wide executable paths (/usr/local/bin/), granting the software elevated privileges. It also uses commands to append shell completions to sensitive startup files like ~/.bashrc and ~/.zshrc, which can be abused for persistence.
- [DATA_EXFILTRATION]: The tool manages high-value sensitive data, including browser session tokens for 55+ social media platforms and a custom API token stored in ~/.autocli/config.json. The ability to define custom API endpoints via AUTOCLI_API_BASE provides a mechanism for redirecting this sensitive data to attacker-controlled infrastructure.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting untrusted data from various external websites (e.g., Twitter, Reddit). There are no boundary markers or sanitization procedures described to prevent malicious instructions embedded in web content from influencing the agent's behavior during data processing.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/nashsu/autocli/main/scripts/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata