The Agent Skills Directory

[COMMAND_EXECUTION]: The script scripts/quadrants-cli.sh is vulnerable to command injection through shell variable expansion. Parameters such as TASK_ID, PROJECT_ID, and TASKS_JSON are interpolated directly into double-quoted strings within the script. If these variables contain shell metacharacters like $(...) or backticks, the shell will evaluate and execute them. Evidence: In scripts/quadrants-cli.sh, the line call_api "{\"action\":\"complete\",\"taskId\":$TASK_ID}" and the bulk-create action allow for arbitrary command execution if the agent is tricked into providing malicious input.\n- [PROMPT_INJECTION]: The skill retrieves and processes untrusted task descriptions and project data from an external API, creating a surface for indirect prompt injection. Ingestion points: Data from https://quadrants.ch is fetched by the tasks, projects, and overview actions. Boundary markers: The skill does not implement delimiters or instructions to treat the external data as untrusted. Capability inventory: The agent can execute shell commands and perform network operations using the provided CLI script. Sanitization: No sanitization is performed on the data retrieved from the remote API before it is presented to the agent.

quadrants