clash-routes

Warn

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill is vulnerable to Python code injection. It interpolates the $ARGUMENTS variable directly into a Python script string (filt = '$FILTER') which is then executed via python3 -c. A user or attacker providing crafted input could escape the string literal and execute arbitrary Python code inside the local environment.
  • [DATA_EXFILTRATION]: The script reads sensitive authentication tokens (secret) from local Clash configuration files (clash-verge.yaml and config.yaml). Accessing configuration files containing credentials from the filesystem is a high-risk operation that could lead to unauthorized data exposure if exploited.
  • [PROMPT_INJECTION]: The skill lacks sanitization for user-provided input in the $ARGUMENTS field before it is used in shell commands and Python code. This creates an attack surface for indirect prompt injection where malicious input could influence the agent's actions or the script's behavior.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 14, 2026, 07:13 AM