brewpage-publish

Warn

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute curl commands that are dynamically constructed using variables like {ns}, {days}, and {original_json}. There is a risk of shell command injection if these variables contain shell metacharacters (such as single quotes or semicolons) and are not properly sanitized or escaped before being interpolated into the shell command strings. For example, in the JSON publishing workflow, {original_json} is placed directly inside single quotes.
  • [DATA_EXFILTRATION]: The skill's primary function is to transmit local data (text, JSON, or files) to the external domain brewpage.app. While this is the intended purpose, it creates a mechanism that could be abused to exfiltrate sensitive files, such as environment variables or SSH keys, if the agent is directed to do so.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from user arguments and local files and possesses high-risk capabilities.
      • Ingestion points: Data is ingested through the $ARGUMENTS variable and file contents read via the Bash tool.
      • Boundary markers: No specific delimiters or instructions are used to prevent the agent from obeying commands embedded within the data being published.
      • Capability inventory: The skill has the ability to read arbitrary local files and perform external network requests.
      • Sanitization: Although jq is used to encode some text payloads, file paths and raw JSON content are interpolated directly into shell commands without thorough escaping.
  • [CREDENTIALS_UNSAFE]: The skill saves "owner tokens" returned by the API into a local file at .claude/brewpage-history.md. These tokens are sensitive credentials that grant the ability to update or delete the published content on the remote service.
  • [EXTERNAL_DOWNLOADS]: The documentation encourages installing the skill via npx from a third-party GitHub repository (kochetkov-ma/claude-brewcode), which involves downloading and executing external code.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 5, 2026, 03:54 PM