The Agent Skills Directory

[REMOTE_CODE_EXECUTION]: The SKILL.md and references/demo-setup.md files instruct the agent to download and execute a bootstrap script from a remote GitHub repository using the 'curl | bash' pattern. This method executes unvetted code from the internet with the privileges of the running process. Evidence: 'curl -fsSL https://raw.githubusercontent.com/ModernRelay/omnigraph/main/scripts/local-rustfs-bootstrap.sh | bash'.
[COMMAND_EXECUTION]: The skill executes multiple local shell commands, including environment variable injection ('source ./.env.omni') and starting background processes ('omnigraph-server ... &'). These operations allow for state changes and persistent local server execution.
[CREDENTIALS_UNSAFE]: SKILL.md includes hardcoded access keys and secrets ('AWS_ACCESS_KEY_ID=rustfsadmin') for a local storage environment. Hardcoding credentials, even for development purposes, is a security anti-pattern.
[PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its research workflow. (1) Ingestion points: The research workflow in references/research.md uses WebFetch and WebSearch to pull untrusted external content. (2) Boundary markers: No delimiters or specific instructions to ignore embedded commands in the fetched data are present. (3) Capability inventory: The skill can execute bash commands and perform data mutations via the omnigraph CLI. (4) Sanitization: While the skill suggests a manual review of 'seed.md' by the user, it lacks automated sanitization or escaping of the ingested web content before it is processed.
[EXTERNAL_DOWNLOADS]: The skill performs external network operations to fetch configuration and data, including cloning a repository from GitHub ('git clone https://github.com/ModernRelay/omnigraph-cookbooks.git') and downloading article content from various newsletters and blogs during the research phase.

omnigraph-intel-bootstrap