skills/vm0-ai/vm0-skills/vm0-computer/Gen Agent Trust Hub

vm0-computer

Fail

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill generates and executes a Node.js proxy script at /tmp/proxy.mjs to establish a network bridge for local file access.
  • [EXTERNAL_DOWNLOADS]: The skill uses npm install to download and install the ws library from the public npm registry.
  • [COMMAND_EXECUTION]: Shell examples in the documentation use command substitution $(...) with data retrieved from the proxy. This creates a shell injection vulnerability where malicious file names could execute arbitrary commands in the sandbox.
  • [DATA_EXFILTRATION]: The skill tunnels filesystem data through a remote domain (webdav.${DOMAIN}), creating a surface for potential data movement from the local machine to an external endpoint.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection when reading local files.
      • Ingestion points: Reading file contents via curl requests to the local proxy (SKILL.md).
      • Boundary markers: None identified in the provided code or documentation.
      • Capability inventory: Ability to run shell commands, perform network requests, and write to the filesystem.
      • Sanitization: No validation or sanitization is performed on file contents before they are processed by the agent.
Recommendations
  • HIGH: Downloads and executes remote code from: http://127.0.0.1:8080/ - DO NOT USE without thorough review
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 20, 2026, 01:49 AM