skills/rpamis/comet/comet-open/Gen Agent Trust Hub

comet-open

Warn

Audited by Gen Agent Trust Hub on May 29, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes multiple bash commands using variables ($COMET_STATE, $COMET_GUARD) that are initialized at runtime from an external sourced file. It also uses placeholders like <name> and <change-name> that could lead to command injection if the agent populates them with unsanitized user-provided input.
  • [REMOTE_CODE_EXECUTION]: The skill uses the find command to search for a script named comet-env.sh in various locations, including the current working directory (.). It then proceeds to source this file (. "$COMET_ENV"), allowing for the execution of arbitrary shell code if a malicious file with that name is present in any of the searched directories.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 29, 2026, 11:23 AM
Security Audit — agent-trust-hub — comet-open