The Agent Skills Directory

[COMMAND_EXECUTION]: The skill utilizes a local bash script (scripts/scan.sh) to perform system-wide audits. It invokes standard command-line tools including find, grep, jq, stat, and shasum to inspect the user's home directory and project folders for malicious artifacts.
[EXTERNAL_DOWNLOADS]: The skill configuration and documentation contain references to several domains identified as malicious or associated with phishing campaigns, such as git-tanstack.com, api.masscan.cloud, and sfrclak.com. These are utilized as search strings (Indicators of Compromise) to detect signs of infection in local lockfiles and source code.
[PROMPT_INJECTION]: There is an indirect prompt injection surface where the skill allows updating its internal iocs.json file based on user-provided data about new malware campaigns. This behavior creates a pathway for external data to influence the parameters of the shell script, though the script includes basic quoting to mitigate direct command injection.
[DATA_EXFILTRATION]: The skill includes instructions regarding the handling of stolen credentials and describes the behavior of specific malware families (e.g., 'dead-man's-switch' payloads). This information is provided to guide the user through safe remediation steps and does not involve the exfiltration of user data by the skill itself.

supply-chain-audit