The Agent Skills Directory

[CREDENTIALS_UNSAFE]: The skill recommends using sshpass -p 'password' for remote server access in SKILL.md. This method transmits credentials as command-line arguments, making them visible in plaintext to other users on the system via process monitoring tools and command history.
[COMMAND_EXECUTION]: The skill employs docker run --privileged=true in scripts/docker-commands.sh. Running containers in privileged mode bypasses standard isolation boundaries, granting the containerized process extensive access to the host kernel and hardware devices.
[REMOTE_CODE_EXECUTION]: The skill clones the msmodelslim project from an external Git repository (gitcode.com/Ascend/msmodelslim.git) and executes an accompanying installation script (bash install.sh) within the user environment (scripts/msmodelslim-setup.sh). While this originates from a vendor-associated repository, it constitutes execution of unverified remote code.
[COMMAND_EXECUTION]: The skill exhibits an indirect prompt injection surface by parsing local README.md files to dynamically extract and execute system commands and environment variables.
Ingestion points: The skill reads content from {work_path}/msmodelslim/example/{model_name}/README.md using grep in scripts/env-check.sh and templates/env-checklist.md.
Boundary markers: No delimiters or instructions are used to distinguish documentation from executable commands, leading the agent to treat parsed text as valid instruction input.
Capability inventory: Extracted strings are used to perform pip install operations and set shell environment variables via export in scripts/quant-execute.sh.
Sanitization: There is no validation or sanitization of the content extracted from the README before it is passed to the shell for execution.

msmodelslim-quant