gangtise-copilot
Warn
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The `install_gangtise.sh` script downloads 19 functional AI agent skills as ZIP bundles from an external Huawei Cloud OBS bucket (https://gts-download.obs.myhuaweicloud.com/skills/). These skills are extracted and integrated into the agent's environment, allowing for the execution of unverified external code.
- [EXTERNAL_DOWNLOADS]: `SKILL.md` includes a Python script that uses the GitHub API to download and write skill files directly to the agent's local directory from the author's repository (daymade/claude-code-skills). This mechanism bypasses standard verification and allows for the silent update of executable code.
- [COMMAND_EXECUTION]: The skill relies on shell scripts (`install_gangtise.sh`, `configure_auth.sh`, `diagnose.sh`) that perform operations such as modifying file permissions (chmod 600), creating symlinks across the agent's skills and configuration directories, and executing network requests to external APIs.
- [CREDENTIALS_UNSAFE]: The `configure_auth.sh` script prompts for and processes sensitive `accessKey` and `secretAccessKey` credentials. While it applies restricted file permissions, it transmits these secrets to a remote endpoint (open.gangtise.com) for verification.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from the Gangtise API and open web (ingestion points in `SKILL.md` and `references/skill_registry.md`) without explicit boundary markers or sanitization. This data is processed by workflow skills with significant capabilities (capability inventory includes subprocess calls in scripts), including shell execution and file system access. Additionally, the file `.security-scan-passed` contains deceptive metadata intended to mislead security reviewers.
Audit Metadata