sem-integration

Fail

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user or agent to download a pre-compiled binary from 'https://github.com/Ataraxy-Labs/sem/releases/latest/download/sem-x86_64-unknown-linux-gnu'. This source is not recognized as a trusted organization or well-known service.
  • [REMOTE_CODE_EXECUTION]: The installation pattern provided in 'modules/detection.md' involves downloading a remote binary and granting it execution permissions using 'chmod +x'. This facilitates the execution of unverified external code on the user's system.
  • [COMMAND_EXECUTION]: The skill utilizes several shell commands including 'cargo install', 'brew install', and complex pipelines using 'git', 'grep', 'sed', and 'rg'. These patterns take variable inputs like git baseline markers and file paths, which could be exploited for command injection if the inputs are not strictly sanitized.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its processing of untrusted data from git diffs. Ingestion points: 'git diff' hunks and file names processed in 'modules/fallback.md'. Capability inventory: Subprocess calls to 'git', 'grep', 'sed', and 'rg' in 'modules/fallback.md'; network operations via 'curl' and package managers 'cargo'/'brew' in 'modules/detection.md'; and execution of the 'sem' binary in 'SKILL.md'. Boundary markers: Absent. Sanitization: Absent. There are no instructions or mechanisms to prevent the agent from obeying commands embedded within the diff content or filenames it processes.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
May 17, 2026, 06:23 AM
Security Audit — agent-trust-hub — sem-integration