config-management

Warn

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: MEDIUM
Categories: DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill accesses the sensitive file path ~/.alex/config.yaml to retrieve and store configuration data.
    • This file typically contains sensitive information such as service API keys and agent credentials.
    • The get and list commands provide the agent with the full content of these settings, which can lead to unintended exposure of secrets within the execution context.
  • [COMMAND_EXECUTION]: The skill relies on the bash tool to execute a Python script (run.py) for processing configuration updates.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface through the ingestion of external file data.
    • Ingestion points: Configuration values are loaded from ~/.alex/config.yaml using the _read_config function in run.py.
    • Boundary markers: The skill does not implement delimiters or system instructions to distinguish between configuration data and potential malicious commands embedded in values.
    • Capability inventory: The toolset includes file-write capabilities (set_config), allowing an agent or an attacker to modify the configuration used by other components of the system.
    • Sanitization: While keys are restricted by a regular expression, the values are processed as strings without sanitization, potentially allowing an attacker to inject instructions that the agent might execute if it treats the config as a source of truth.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 1, 2026, 02:53 PM