stacksmith-safety

Warn

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The freeze and guard subcommands take a user-supplied path argument and interpolate it directly into a shell environment variable and command (echo "$FREEZE_PATH" > ~/.mystack/freeze.txt). This creates a command injection vulnerability where a user can provide input containing shell metacharacters (e.g. a semicolon, backticks, or $( )) to execute arbitrary code in the agent's execution environment.
  • [DATA_EXFILTRATION]: The skill accesses the user's home directory to create a hidden folder (~/.mystack) for state and logs. It also executes shell commands to collect metadata such as the current Git branch name (git branch --show-current) and the repository name (git rev-parse --show-toplevel). This information is appended to a local timeline log, representing exposure of project-related metadata.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 4, 2026, 07:24 AM