The Agent Skills Directory

[COMMAND_EXECUTION]: The skill constructs and executes shell commands using the listenhub CLI by directly inserting user input (such as {topic} and {url}) into the command string. If a user provides input containing shell metacharacters like semicolons, pipes, or backticks, they could execute arbitrary commands on the host system.
[EXTERNAL_DOWNLOADS]: The skill utilizes curl to download audio files from a URL provided by the CLI output. This pattern of downloading and saving remote content to the local filesystem based on dynamic variables is a security-sensitive operation.
[REMOTE_CODE_EXECUTION]: The combination of unsanitized user input and shell command execution facilitates a remote code execution vulnerability, allowing attackers to potentially gain control over the environment where the agent operates.
[PROMPT_INJECTION]: The skill processes untrusted data from topics and URLs. Ingestion points: {topic} and {url} input parameters. Boundary markers: Absent. Capability inventory: Subprocess execution via listenhub and curl, and file system writes. Sanitization: Absent. This combination creates a surface for indirect prompt injection.

slides