caduceusmail

Fail

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill makes extensive use of dynamically generated PowerShell code. In scripts/email_alias_fabric_ops.py, the run_pwsh function constructs a script as a string (incorporating variables such as mailboxes and alias names), writes it to a temporary file, and executes it via subprocess.run(['pwsh', ...]). While variable quoting is applied, this pattern of dynamically executing shell commands is a significant attack vector.
  • [REMOTE_CODE_EXECUTION]: Automated scanners identified a pattern in scripts/email_alias_fabric_ops.py where data retrieved from external APIs (Microsoft Graph and Cloudflare) via urllib.request.urlopen is parsed and subsequently used in logic that drives command construction and execution.
  • [EXTERNAL_DOWNLOADS]: The PowerShell bootstrap logic in scripts/caduceusmail-bootstrap.ps1.txt automatically installs missing dependencies (Microsoft.Graph and ExchangeOnlineManagement modules) from the PowerShell Gallery (PSGallery) using the Install-Module command. Although these are official Microsoft modules, downloading and executing code from external repositories at runtime is a notable behavior.
  • [CREDENTIALS_UNSAFE]: The skill is designed to manage high-entropy secrets, including Microsoft Entra client secrets and Cloudflare API tokens. It provides options (--persist-env, --persist-secrets) to save these credentials into a plaintext environment file at ~/.caduceusmail/.env, which could lead to exposure if the system is compromised.
  • [COMMAND_EXECUTION]: In scripts/email_alias_fabric_ops.py, the resolve_entra_exchange_script function can be configured (via CADUCEUSMAIL_ALLOW_EXTERNAL_SCRIPT_RESOLUTION) to search parent directories for an executable script named entra-exchange.sh, introducing a risk of executing an unintended or malicious file if the workspace environment is not strictly controlled.
Recommendations
  • HIGH: Downloads and executes remote code from: unknown (check file) - DO NOT USE without thorough review
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 17, 2026, 07:18 PM