laniameda-gallery-ingest

Fail

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: HIGH
Findings: DATA_EXFILTRATION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The scripts/ingest.ts script enables the reading of arbitrary files from the agent's filesystem and transmits the data to a remote service.
    • Evidence: The script utilizes readFileSync to access the file path specified in the filePath parameter of the JSON input.
    • Evidence: The ingested file contents are then sent to the configured Convex backend service using an HTTP POST request.
  • [REMOTE_CODE_EXECUTION]: The skill provides instructions that require the agent to download and run code from a remote GitHub repository.
    • Evidence: Documentation in README.md and SKILL.md directs the agent to execute git pull followed by bun run skills:update within the laniameda.gallery repository.
  • [PROMPT_INJECTION]: The skill architecture is susceptible to indirect prompt injection due to its handling of untrusted data while possessing file-read and network capabilities.
    • Ingestion points: scripts/ingest.ts processes url and promptText fields from potentially untrusted sources.
    • Boundary markers: Absent; the skill does not use delimiters or provide instructions to the agent to ignore commands embedded within the ingested content.
    • Capability inventory: The scripts/ingest.ts script has filesystem access via readFileSync and network access via the fetch API.
    • Sanitization: Absent; the script does not perform validation or filtering on the provided file paths or ingested data.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 17, 2026, 10:29 AM
Security Audit — agent-trust-hub — laniameda-gallery-ingest