home-network-admin

Warn

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: MEDIUM · COMMAND_EXECUTION · DATA_EXFILTRATION · PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill facilitates arbitrary command execution on multiple remote hosts via SSH (e.g., ssh synology, ssh dobro). It includes high-privilege operations such as sudo docker for container management and synopkg for NAS package administration.
  • [DATA_EXFILTRATION]: Accesses and describes sensitive internal network metadata. It provides a detailed inventory of IP addresses, hostnames, and service endpoints in references/network-inventory.md. Additionally, it instructs the agent to utilize the sensitive configuration file ~/.ssh/config to manage connections.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection by processing untrusted data from service logs.
      • Ingestion points: The skill instructs the agent to read logs via sudo docker logs, journalctl -u caddy, and files located in /var/log/.
      • Boundary markers: There are no delimiters or instructions provided to ensure the agent ignores malicious instructions that might be embedded in the log output.
      • Capability inventory: The agent has extensive capabilities, including remote shell access, file transfer (scp, rsync), and modification of configuration files (~/Caddyfile).
      • Sanitization: No sanitization or validation of external content (logs) is performed before processing.
  • [CREDENTIALS_UNSAFE]: References the CLOUDFLARE_API_TOKEN environment variable used for DNS-01 challenges. While the token value is not hardcoded, exposing the variable name and its specific usage context provides a target for credential harvesting if the environment is compromised.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 29, 2026, 11:46 PM