fridge-tracker

Fail

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: HIGH
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The shell commands defined in SKILL.md for adding, removing, and listing items use direct string interpolation for the <item> and <quantity> parameters (e.g., sqlite3 /data/workspace/pantry.db "INSERT ... VALUES (lower('<item>'), '<quantity>', ...);"). This lack of sanitization allows an attacker to inject shell metacharacters such as ;, `, or $() to execute arbitrary code on the host machine.
  • [DATA_EXFILTRATION]: The injection vulnerability enables an attacker to perform SQL injection or direct shell command execution to read sensitive files from the workspace (such as .env files or credentials) and potentially exfiltrate them.
  • [PROMPT_INJECTION]: The skill's architecture creates a surface for indirect prompt injection by processing untrusted user input for database and shell operations without boundary markers or validation logic.
      • Ingestion points: User-provided values for <item> and <quantity> in the /fridge command set.
      • Boundary markers: None identified; user input is embedded directly into command templates.
      • Capability inventory: Shell command execution and SQLite database interaction are available across the skill functions.
      • Sanitization: No input validation, character escaping, or sanitization is performed on external content before it is executed.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 12, 2026, 10:53 PM