jfrog-create-users-groups
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE COMMAND_EXECUTION DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill constructs shell commands using variables derived from an external manifest (e.g., $GROUP_NAME, $GROUP_DESCRIPTION, $JFROG_USER_NAME, $EMAIL). These variables are interpolated into command strings using double quotes, which allows the shell to evaluate sub-commands or variables if they are present in the input data (e.g., $(whoami)). This creates a command injection vulnerability.
- [DATA_EXFILTRATION]: While the skill's intended use is to communicate with the JFrog Platform, the command injection surface could be exploited to run arbitrary shell commands that exfiltrate sensitive system information or local environment variables.
- [COMMAND_EXECUTION]: Risk Analysis (Indirect Prompt Injection Surface):
- Ingestion points: Data enters the agent context through manifest YAML inputs defining users and groups in SKILL.md.
- Boundary markers: The skill lacks explicit boundary markers or instructional safeguards to ignore malicious instructions embedded within the manifest data.
- Capability inventory: The skill has access to the jf CLI tool for network operations and writes temporary files to /tmp/.
- Sanitization: No validation, escaping, or sanitization of the manifest-provided strings is performed before they are executed within a shell context.