The Agent Skills Directory

[CREDENTIALS_UNSAFE]: The script scripts/agent.py requires a sensitive User PIN to be passed as a command-line argument (--pin). This is a security risk because arguments are often visible in process monitors (like ps), system logs, or shell history.
[COMMAND_EXECUTION]: The function load_library in scripts/agent.py uses pkcs11.lib(lib_path) to dynamically load a shared library file (.so or .dll) from a path provided via the command line. While this is necessary for loading HSM drivers, it constitutes dynamic code execution of a local file provided by the user or agent environment.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection.
Ingestion points: The list_objects and enumerate_slots functions in scripts/agent.py read labels, manufacturer IDs, and other metadata directly from the HSM hardware.
Boundary markers: The output is serialized as JSON, but no specific boundary markers or instructions to ignore embedded commands are provided to the agent processing this data.
Capability inventory: The skill has the capability to generate new cryptographic keys and perform signing operations within the HSM.
Sanitization: The script uses .strip() on string values but does not implement sanitization or escaping to prevent control characters or malicious instructions embedded in HSM object labels from influencing the agent's behavior.

performing-hardware-security-module-integration