The Agent Skills Directory

[CREDENTIALS_UNSAFE]: The script scripts/qbt.py contains hardcoded default credentials (admin/adminadmin) and a default remote host (http://qbt.wsen.me).
[DATA_EXFILTRATION]: The add command in scripts/qbt.py reads local files and sends their contents to the configured host via an HTTP POST request. This capability allows for the exfiltration of sensitive local data if the source argument is manipulated to point to a sensitive file.
[PROMPT_INJECTION]: The skill's workflow is vulnerable to indirect prompt injection. Malicious content on websites visited by the agent (e.g., via browser_use) could provide local file paths instead of magnet links, tricking the agent into executing the add command on sensitive files. Ingestion points: External websites visited using browser_use as described in the workflow. Boundary markers: None present. Capability inventory: File system read and network upload in scripts/qbt.py. Sanitization: No validation is performed on the source argument to ensure it is a valid magnet link or URL before attempting to read it as a local file path.
[COMMAND_EXECUTION]: The skill relies on executing a local Python script (scripts/qbt.py) to perform its operations, which is used to implement the identified data access and exfiltration capabilities.

qbt-hub