skills/aresbit/matebot/modern-c-dev/Gen Agent Trust Hub

modern-c-dev

Warn

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: MEDIUM (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION)
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The SKILL.md file references and provides usage instructions for external scripts: scripts/find-pattern.sh and scripts/extract-examples.sh. These scripts are not included in the provided skill package. Instructing an agent to execute unverified external scripts is a security risk, as their content cannot be audited.
  • [COMMAND_EXECUTION]: In references/20-function-calling.md, the skill includes a functional C code snippet named evil() that executes system("/bin/sh"). While presented as an educational demonstration of buffer overflow exploits, providing functional 'weaponized' code templates could be abused if the agent is directed to compile and run them in a restricted environment.
  • [COMMAND_EXECUTION]: The SKILL.md file includes an instruction containing a hardcoded local path: cd /home/ares/yyskills/output/modern-c-dev. Directing an agent to interact with specific local filesystem paths outside of its immediate environment can be used to target or expose data in sensitive user directories.
  • [COMMAND_EXECUTION]: The references/15-dynamic-linker.md file provides detailed instructions on using LD_PRELOAD for function interpositioning. While intended for debugging (e.g., counting memory allocations), this technique is a potent vector for hijacking program execution and could be misused to intercept sensitive data or escalate privileges.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 14, 2026, 08:58 AM