skills/openhands/extensions/ssh/Gen Agent Trust Hub

ssh

Warn

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
  • [DATA_EXFILTRATION]: The skill manages highly sensitive files located in the ~/.ssh/ directory, including private keys and SSH configurations. Access to these paths is essential for the skill's primary purpose but represents a risk of sensitive data exposure if misused.
  • [COMMAND_EXECUTION]: The skill provides instructions for executing powerful shell commands such as ssh, scp, and ssh-keygen. These allow for arbitrary command execution on remote hosts and the transfer of data across the network.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection due to its interaction with remote systems.
      • Ingestion points: Data enters the agent context through remote command outputs and files downloaded via scp (as seen in SKILL.md).
      • Boundary markers: There are no instructions or delimiters provided to prevent the agent from following malicious commands embedded in remote data.
      • Capability inventory: The skill uses ssh, scp, and cat to read and write files and execute network-bound commands.
      • Sanitization: No sanitization or validation is applied to output or files received from remote hosts before processing.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: May 8, 2026, 02:11 PM