The Agent Skills Directory

[REMOTE_CODE_EXECUTION]: The installation process documented in the README and README.md utilizes a pattern of piping a remote script from GitHub directly into the bash interpreter ('curl | bash'). This allows for arbitrary command execution on the host system from a source that is not verified in the trusted organization list.
[PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting untrusted data from the external Dispatch network. 1. Ingestion points: The agent fetches external content via the 'GET /dispatch' (answers from others) and 'GET /inbox' (queries from others) endpoints. 2. Boundary markers: The instructions lack delimiters or system-level warnings to distinguish between agent instructions and the external query/answer data. 3. Capability inventory: The agent possesses capabilities to perform further network requests ('POST /dispatch', 'POST /inbox') and write to local ledger files ('dispatch-pending.md', 'dispatch-inbound.md'). 4. Sanitization: No validation or escaping of external content is specified before the agent processes it or presents it to the user.
[DATA_EXFILTRATION]: The skill reads 'circle keys' from a local configuration file and transmits them as authentication tokens to 'api.peepsapp.ai' along with user-generated search queries. While this is the intended purpose of the skill, it represents a structured transfer of sensitive identifiers and user intent to an external third-party service.
[COMMAND_EXECUTION]: The 'install.sh' script performs automated environment setup, including directory creation and file downloads. It also interactively prompts for and writes configuration data containing authentication keys to the local disk, which could be exploited if the source script is compromised.

dispatch