security-code-review

Fail

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: CRITICAL
Flags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The file references/markdown.md contains a live phishing URL (http://malicious-site.com/tool.exe) and a tracking pixel URL (http://tracker.evil.com/pixel.gif). While these are documented as examples of unsafe Markdown, their presence in the skill's reference material is a security risk as an agent might inadvertently access or recommend these malicious domains.
  • [REMOTE_CODE_EXECUTION]: Reference guides in references/python.md and references/shell.md contain code patterns for remote code execution, such as Python's eval() and pickle.loads(), and Shell's eval. These are provided as educational examples of unsafe practices but represent high-risk code segments.
  • [COMMAND_EXECUTION]: In references/shell.md, the skill documents destructive shell commands like rm -rf $dir/$file (which can resolve to root if variables are empty) and command injection vulnerabilities. Static analysis confirms these are destructive patterns.
  • [DATA_EXFILTRATION]: Reference materials in references/markdown.md and references/python.md highlight patterns for sensitive data exposure and exfiltration, including hardcoded credentials (e.g., sk-1234567890abcdef) and external tracking pixels.
  • [PROMPT_INJECTION]: The skill has a significant attack surface for Indirect Prompt Injection as it is designed to process and analyze untrusted third-party code. The skill includes specific constraints in SKILL.md and references/lessons-learned.md (Constraints 9-11) aimed at mitigating sophisticated prompt injection and DoS attacks through JSON nesting and multimodal token manipulation.
Recommendations
  • CRITICAL: 1 infected file(s) detected - DO NOT USE
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level
CRITICAL
Analyzed
May 8, 2026, 10:42 AM
Security Audit — agent-trust-hub — security-code-review