volcengine-deploy

Warn

Audited by Gen Agent Trust Hub on Jun 21, 2026

Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The utility script 'scripts/poll-status.sh' uses 'eval' to execute commands provided as arguments. If the command string is constructed using untrusted data, this allows for arbitrary command injection within the agent's execution environment.
  • [COMMAND_EXECUTION]: In 'SKILL.md', the variable 'input' (derived from the first argument) is directly interpolated into shell commands such as 'cd "${input:-.}"'. This lacks proper sanitization and represents a shell command injection vulnerability if the user provides a malicious path.
  • [EXTERNAL_DOWNLOADS]: The skill clones external repositories from arbitrary Git URLs provided by users into the local workspace. This creates a surface for indirect prompt injection or supply chain attacks as the agent subsequently analyzes and executes code from these sources.
  • [CREDENTIALS_UNSAFE]: The script 'scripts/gen-docker-compose-test.sh' contains several hardcoded credentials (e.g., 'testpw', 'minio12345') for local service containers. While intended for testing, hardcoded secrets are a security anti-pattern and can lead to unintended exposure.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Jun 21, 2026, 02:40 AM