The Agent Skills Directory

[COMMAND_EXECUTION]: The skill exhibits a command injection vulnerability in Step 3 where the github_repos input is processed. The input is passed to tr and then interpolated into a shell command (jf api ...). If the repository name contains shell metacharacters like backticks or subshell syntax, it could result in arbitrary command execution on the host.
[DATA_EXFILTRATION]: The skill writes sensitive data to world-readable temporary files in /tmp. Specifically, the output of jf api /artifactory/api/system/license, which contains license details, and OIDC provider/mapping configurations are stored in /tmp/oidc-license.json, /tmp/oidc-providers.json, and /tmp/oidc-mappings.json. This exposes sensitive system configuration to any local user or process.
[PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. It ingests untrusted data (github_repos) and uses it to construct administrative API calls without sufficient boundary markers or robust sanitization. This allows malicious input to potentially alter the intended configuration of the OIDC identity mappings.

jfrog-oidc-setup