boxlang-zip
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFE
CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill documentation includes a hardcoded example password ('SecurePassword123') in the encryption section. Although intended as a placeholder for instructional purposes, it demonstrates a pattern of hardcoding secrets. The Best Practices section appropriately advises using environment variables to mitigate this risk.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection via path traversal (Zip Slip) when extracting archives. Maliciously crafted ZIP files could contain entries with relative paths designed to write files outside of the intended extraction directory.
  1. Ingestion points: Archive extraction using the 'unzip' action in SKILL.md.
  2. Boundary markers: Absent; the skill does not instruct the agent to treat external archive data as untrusted.
  3. Capability inventory: The skill has file and directory creation/deletion capabilities through 'bx:zip' and 'directoryCreate'.
  4. Sanitization: The provided patterns do not include path validation or canonicalization for ZIP archive entries.
Audit Metadata