The Agent Skills Directory

[COMMAND_EXECUTION]: The skill executes SSH commands that include the flags -o StrictHostKeyChecking=no and -o UserKnownHostsFile=/dev/null. This configuration bypasses the verification of the remote host's identity, significantly increasing the risk of Man-in-the-Middle (MitM) attacks where an attacker could intercept the tunnel traffic.
[DATA_EXFILTRATION]: Facilitates the creation of public reverse tunnels that map local ports (such as web servers, databases, or MCP endpoints) to the public internet via the pinggy.io service. This represents a data exposure risk as it provides a pathway for external actors to reach services running on the agent's host environment.
[EXTERNAL_DOWNLOADS]: Establishes network connections to the external domain a.pinggy.io on port 443 to facilitate the tunnel. Automated scanners flagged several pinggy.link subdomains as malicious; while these are likely transient URLs used by third parties on the shared infrastructure, they highlight the risks associated with using public tunnel services for sensitive data.

pinggy-tunnel