skills/dotnetage/mindx/mail/Gen Agent Trust Hub

mail

Fail

Audited by Gen Agent Trust Hub on Apr 11, 2026

Risk Level: HIGH (COMMAND_EXECUTION, DATA_EXFILTRATION)
Full Analysis
  • [COMMAND_EXECUTION]: The script mail_cli.sh is vulnerable to command injection. User-supplied parameters like $SUBJECT, $BODY, and $TO are directly interpolated into osascript (AppleScript) commands and shell command arguments without sanitization. An attacker could provide a crafted subject containing quotes to escape the intended command and execute arbitrary code via the shell or AppleScript runtime.
  • [COMMAND_EXECUTION]: The script uses unquoted expansion of variables like $CC_ARG and $BCC_ARG in the mail command call. This allows an attacker to inject additional command-line flags into the mail utility, potentially leading to unauthorized file reads, alternative configuration loading, or other unintended behaviors depending on the specific mail implementation.
  • [DATA_EXFILTRATION]: While the skill's stated purpose is sending email, it can be abused to exfiltrate sensitive information. An attacker could leverage the skill to send system files, environment variables, or private data to an external email address if the agent is manipulated (e.g., via indirect prompt injection) to process sensitive information as the email body or recipient.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 11, 2026, 10:47 AM