byted-security-llmscanner

Warn

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: In scripts/src/run_analysis.ts, the script uses child_process.exec to run analyze_task_data.ts. The taskId variable is taken directly from command-line arguments and interpolated into the shell string without sanitization, creating a potential command injection vector.
  • [CREDENTIALS_UNSAFE]: The skill's architecture relies on storing plain-text credentials (username and MD5-hashed password) in scripts/config.ts. It also caches sensitive authentication tokens in scripts/data/token_cache.json on the local file system.
  • [SAFE]: All network operations performed by the skill (in files like analyze_rt_task.ts, common.ts, create_asset_model.ts, etc.) explicitly disable SSL/TLS certificate verification by setting rejectUnauthorized: false in the HTTPS agent. This practice makes all API communications, including the transmission of credentials and security reports, vulnerable to Man-in-the-Middle (MitM) attacks.
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of several external Node.js dependencies from the public NPM registry during the setup phase, including axios, ts-node, and typescript.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 26, 2026, 03:01 PM