supply-chain-attack-recon
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
Flagged categories: REMOTE_CODE_EXECUTION, PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill mentions 'curl -s https://codecov.io/bash | bash' within a case study documenting the 2021 Codecov compromise. This is provided as historical reference and is not an instruction for the agent to execute code from a remote source.
- [PROMPT_INJECTION]: The skill's reconnaissance flow processes untrusted data, which creates a potential surface for indirect prompt injection.
  1. Ingestion points: fetches repository contents (package.json, workflow YAMLs) via the GitHub API and remote JavaScript bundles via curl.
  2. Boundary markers: no delimiters or explicit instructions tell the agent to ignore embedded commands in the analyzed data.
  3. Capability inventory: the skill uses curl, gh, docker, and python3 for its operations.
  4. Sanitization: data is extracted with grep and jq, which does not sanitize against malicious instructions embedded in the target data.
- [EXTERNAL_DOWNLOADS]: The skill performs metadata lookups on official registries including npmjs.org, pypi.org, and rubygems.org. These are neutral reconnaissance activities targeting well-known services.
- [COMMAND_EXECUTION]: The skill employs various local CLI tools for analysis, including docker for image layer inspection and trufflehog for secret scanning, which are standard utilities for security reconnaissance.