The Agent Skills Directory

[REMOTE_CODE_EXECUTION]: The scripts/publish.sh script suggests the command curl -fsSL https://here.now/install.sh | bash as a fallback for installing the jq dependency. Piping unverified remote scripts directly into a shell session is a critical security risk that can lead to complete system compromise.
[DATA_EXFILTRATION]: The core functionality of the skill is to read local files and directories and upload them to external servers at here.now. While this is the stated purpose, it facilitates the movement of potentially sensitive local data to a third-party service.
[COMMAND_EXECUTION]: The script scripts/publish.sh executes several system-level commands, including curl, find, file, and jq, to collect and transmit local information.
[CREDENTIALS_UNSAFE]: The skill stores and retrieves API keys from ~/.herenow/credentials. Although it sets restricted file permissions (chmod 600), the practice of storing long-lived credentials in a predictable plain-text location within the home directory poses a security risk.
[EXTERNAL_DOWNLOADS]: The skill relies on external package installation via npx and promotes the download of installation scripts from an external domain.
[PROMPT_INJECTION]: The skill presents an indirect prompt injection surface (Category 8). 1. Ingestion points: Untrusted local files provided via the TARGET argument in scripts/publish.sh. 2. Boundary markers: Absent. 3. Capability inventory: Significant system and network access via curl and shell execution. 4. Sanitization: Absent. Malicious instructions within published files could be executed or processed if the resulting URLs are subsequently accessed by an agent.

here-now