reverse-engineer-rpi

Fail

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The script scripts/binary/capture_cli_help.sh executes a user-supplied binary with the --help flag to extract documentation. This enables the execution of arbitrary code if the binary provided for analysis is malicious, even when run with a timeout.
  • [DATA_EXFILTRATION]: The scripts/fetch_url.py utility explicitly supports the file:// URI scheme. This allows the agent to read sensitive local files (such as SSH keys, configuration files, or credentials) if provided with a malicious path in the --docs-sitemap-url parameter.
  • [COMMAND_EXECUTION]: The main driver script scripts/reverse_engineer_rpi.py extensively uses subprocess.run to execute shell commands, including git clone, git fetch, and internal bash scripts. This creates an attack surface for command injection if user-provided parameters like upstream-ref or product_name are not sufficiently sanitized.
  • [PROMPT_INJECTION]: The skill processes untrusted external content from sitemaps, repository metadata (e.g., package.json, pyproject.toml), and strings extracted from binaries. This data is interpolated into markdown reports and structured registries without robust sanitization, making the agent vulnerable to indirect prompt injection from malicious target projects.
  • [DYNAMIC_EXECUTION]: The skill dynamically generates and executes Python and Shell scripts, such as validate-feature-registry.py and validate-security-audit.sh. While these follow internal templates, the runtime generation and execution of code increases the complexity and risk profile of the skill.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: May 11, 2026, 10:28 PM