multi-wordcheck

Fail

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The script scripts/check_sensitive_words.py reads sensitive shell configuration files, including ~/.bashrc, ~/.zshrc, ~/.bash_profile, ~/.profile, and ~/.zprofile, to retrieve the REDFOX_API_KEY. Accessing these files is a significant security concern as they often contain other sensitive environment variables and system credentials.
  • [COMMAND_EXECUTION]: The skill's instructions in SKILL.md direct the agent to modify the user's shell profile files (e.g., appending export commands to .zshrc or .bashrc) to persist environment variables. Modifying shell initialization scripts is a persistence mechanism that can be abused for unauthorized access or behavior.
  • [DATA_EXFILTRATION]: The skill transmits user-provided content and the REDFOX_API_KEY to an external vendor endpoint (https://redfox.hk/story/api/cozeSkill/sensitiveWordSearch) for processing. While this is the intended functionality for the author's service, it involves the transmission of potentially sensitive user data to a remote server.
  • [PROMPT_INJECTION]: The skill includes an indirect prompt injection surface by processing data from external URLs and files.
    • Ingestion points: The scripts/extract_text.py script accepts and processes content from local files via --path and external web URLs via --url.
    • Boundary markers: No specific delimiters or instructions are used to separate untrusted external data from the agent's instructions.
    • Capability inventory: The skill can perform network requests to the vendor's API and read local files from the system.
    • Sanitization: Although extract_text.py performs basic HTML tag removal, it lacks semantic validation to prevent malicious instructions embedded in the processed text from influencing the agent.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 16, 2026, 04:14 AM
Security Audit — agent-trust-hub — multi-wordcheck