secrets
Warn
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script scripts/parse-connection-string.sh is vulnerable to shell command injection. When the jq utility is not available, the script falls back to using an unquoted heredoc (cat <<EOF) to generate JSON output. This causes the shell to evaluate command substitutions (e.g., $(...)) or backticks contained within the connection string variables ($HOST, $USER, $PASSWORD). An attacker could exploit this to execute code by providing a malicious connection string.
- [PROMPT_INJECTION]: The skill creates an indirect prompt injection surface by processing untrusted user data (connection strings) and passing it to shell scripts and CLI tools.
  1. Ingestion points: User-provided connection strings via prompt interpolation in SKILL.md.
  2. Boundary markers: None present to isolate untrusted data from instructions.
  3. Capability inventory: Execution of a local bash script (scripts/parse-connection-string.sh) and the goldsky CLI tool.
  4. Sanitization: The parsing script only partially escapes double quotes and backslashes, leaving characters like $ and backticks active for shell expansion.
Audit Metadata