@554/work-migration

Fail

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: HIGH (DATA_EXFILTRATION, CREDENTIALS_UNSAFE, COMMAND_EXECUTION)
Full Analysis
  • [DATA_EXFILTRATION]: The skill's primary purpose is to aggregate and export project data, including sensitive files like .env, SOUL.md, USER.md, and memory topics. It packages these into a ZIP or 7z archive in the /data/workspace/output/ directory, which facilitates the transfer of private data outside the controlled environment.
  • [CREDENTIALS_UNSAFE]: The workflow explicitly searches for and reads environment variables containing API keys (e.g., OPENAI_API_KEY, TELEGRAM_BOT_TOKEN) and database connection strings. It provides functionality to include these secrets in plaintext within the exported archive based on user choice, posing a significant risk of credential exposure.
  • [COMMAND_EXECUTION]: The skill utilizes shell commands such as zip, 7z, cp, and mkdir to perform packaging operations. The instruction to use 7z a -p"USER_PASSWORD" with a user-provided password string creates a potential vector for command injection if the input is not strictly sanitized before being passed to the shell.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 17, 2026, 08:15 AM
Security Audit — agent-trust-hub — @554/work-migration