
AI Agent Skill Check is a free AI agent skill security scanner by Mondoo. We scan skills across ClawHub, Skills.sh, GitHub, Claude Marketplace, and SkillsMP to detect prompt injection, credential theft, data exfiltration, agent impersonation, and 28 threat types before they reach your agents.

Skills

Browse, search, and filter AI agent skills across all registries.

Data Exfiltration
Skill | AI Agents | Summary | Stars | Installs | Findings | Risk
skills/claude-api
anthropics
GitHub, Skills.sh

This skill performs unauthorized network exfiltration, mandates vendor lock-in by hijacking model selection, and hides its outbound communication capabilities by failing to declare required network permissions in the manifest.

153.0k41.5k5
40 Medium
skills/expo-api-routes
expo
GitHub, Skills.sh

This skill facilitates SSRF and data exfiltration by allowing unvalidated user input in network requests, exposes sensitive environment variables, uses insecure CORS policies, and lacks necessary security capability declarations.

2.1k33.9k13
100 Critical
web-access/web-access
eze-is
GitHub, Skills.sh

This skill poses a critical risk by enabling arbitrary JavaScript execution, session hijacking, and unauthorized local file exfiltration while lacking necessary security constraints or declared tool permissions.

7.7k12.3k9
70 High
skills/security-review
getsentry
GitHub, Skills.sh

The skill performs unauthorized file writes and initiates unapproved outbound network connections, creating a significant risk of data exfiltration and system compromise.

8048.2k3
70 High
awesome-copilot/flowstudio-power-automate-mcp
github
GitHub, Skills.sh

This skill lacks necessary tool constraints and security declarations while facilitating data exfiltration via unauthorized network access and insecure credential handling practices.

35.3k4.0k10
40 Medium
skills/turnstile-spin
cloudflare
GitHub, Skills.sh

The skill executes unpinned, unverified dependencies and performs unauthorized network requests while insecurely handling sensitive API tokens without declaring necessary tool constraints or security boundaries.

1.9k3.0k8
40 Medium
workflow/workflow
vercel
GitHub, Skills.sh

The skill executes unpinned packages and performs unauthorized network operations, creating significant supply chain risks and potential data exfiltration vectors due to a lack of defined tool constraints.

2.1k2.8k5
40 Medium
antigravity-awesome-skills/wordpress-penetration-testing
sickn33
GitHub, Claude Code, Skills.sh

This skill functions as a malicious exploitation toolkit that instructs the agent to perform destructive SQL injections, exfiltrate credentials, and execute unauthorized reverse shells against target systems.

41.2k77521
100 Critical
agent-skills/anki-connect
intellectronica
GitHub, Claude Code, Skills.sh

The skill performs unauthorized network exfiltration and executes arbitrary commands while bypassing security constraints by failing to declare its required tools and capabilities.

2735845
40 Medium
skills/use-runway-api
runwayml
GitHub, Skills.sh

The skill performs unauthorized file writes and network requests, uses unpinned dependencies, and includes malicious patterns for data exfiltration via shell commands.

551515
70 High
sentry-skills/security-review
getsentry
GitHub, Skills.sh

The skill performs unauthorized file writes and initiates unapproved outbound network connections, creating a significant risk of data exfiltration and system compromise.

804633
70 High
antigravity-awesome-skills/expo-api-routes
sickn33
GitHub, Claude Code, Skills.sh

This skill poses a critical security risk by executing unpinned global dependencies and performing unauthorized network exfiltration of environment variables while lacking necessary tool-use constraints.

41.2k488
100 Critical
antigravity-awesome-skills/claude-api
sickn33
GitHub, Claude Code, Skills.sh

This skill impersonates a legitimate AI brand and contains malicious code that uses network utilities to exfiltrate sensitive data.

41.2k403
40 Medium
awesome-supply-chain/supply-chain-automation
kishorkukreja
GitHub, Claude Code, Skills.sh

The skill exposes hardcoded credentials, lacks necessary tool and network constraints, and performs unauthorized outbound data transmissions, creating significant risks of credential theft and unmonitored system access.

32338
70 High
skills/indykite-authzen-kbac
indykite
GitHub, Skills.sh

The skill facilitates data exfiltration via shell commands, exposes sensitive credentials through insecure configuration practices, and lacks necessary security constraints for its network and file system operations.

03112
40 Medium
skills/indykite-ciq-create-node
indykite
GitHub, Skills.sh

The skill performs unauthorized network exfiltration via curl/wget and executes unconstrained system commands while masking its true functionality through missing documentation and suspicious hidden instructions.

03113
40 Medium
skills/indykite-ciq-add-property
indykite
GitHub, Skills.sh

The skill performs unauthorized network exfiltration via shell commands and lacks necessary tool declarations, while relying on missing external assets that create unpredictable and insecure runtime behavior.

03013
40 Medium
skills/indykite-ciq-add-relationship-property
indykite
GitHub, Skills.sh

This skill exfiltrates data via unauthorized network commands, processes sensitive payment information, and lacks necessary tool declarations, indicating a high risk of malicious activity and insecure design.

03014
70 High
skills/indykite-ciq-create-node-with-link
indykite
GitHub, Skills.sh

The skill performs unauthorized network exfiltration via shell commands and lacks necessary tool declarations, while relying on missing external assets and suspicious hidden instructions to execute its workflow.

03013
40 Medium
skills/indykite-ciq-create-relationship
indykite
GitHub, Skills.sh

This skill exfiltrates data via unauthorized network commands, processes sensitive payment information, and lacks necessary security declarations, while relying on missing external assets to execute potentially malicious hidden instructions.

03014
70 High
skills/indykite-ciq-delete
indykite
GitHub, Skills.sh

The skill lacks declared tool permissions and executes unauthorized network requests to exfiltrate data while referencing missing files that may hide malicious runtime instructions.

03013
40 Medium
skills/indykite-ciq-read
indykite
GitHub, Skills.sh

The skill performs unauthorized network exfiltration and command execution while relying on external, unverified references that expose the agent to prompt injection and supply chain manipulation.

03014
40 Medium
claude-code-plugins-plus-skills/apollo-security-basics
jeremylongshore
GitHub, Skills.sh

The skill performs unauthorized shell execution and file operations while using dangerous command injection patterns to exfiltrate data via unapproved network requests.

2.4k2710
70 High
claude-code-plugins-plus-skills/clay-common-errors
jeremylongshore
GitHub, Skills.sh

The skill executes dynamic code via eval, performs unauthorized outbound network requests, and relies on unverified dependencies, creating significant risks for code injection and sensitive data exfiltration.

2.4k267
100 Critical
claude-code-plugins-plus-skills/exa-debug-bundle
jeremylongshore
GitHub, Skills.sh

This skill performs unauthorized shell execution, file manipulation, and network exfiltration while attempting to bypass security manifests by fingerprinting the host environment and piping data to external servers.

2.4k268
70 High
claude-code-plugins-plus-skills/clay-rate-limits
jeremylongshore
GitHub, Skills.sh

The skill lacks retry limits for rate-limited requests, creating a resource exhaustion vulnerability, and includes unrestricted outbound network access that could facilitate unauthorized data exfiltration.

2.4k255
40 Medium
claude-code-plugins-plus-skills/juicebox-rate-limits
jeremylongshore
GitHub, Skills.sh

The skill uses insecure global variables for authentication and URL construction, enabling credential leakage and data exfiltration, while employing deceptive tagging to hijack agent activation.

2.4k257
40 Medium
claude-code-plugins-plus-skills/juicebox-webhooks-events
jeremylongshore
GitHub, Skills.sh

The skill exposes a persistent, unvalidated webhook server that facilitates SSRF attacks and exfiltrates environment secrets to external network sinks, significantly exceeding its authorized tool permissions.

2.4k2513
100 Critical
claude-code-plugins-plus-skills/posthog-data-handling
jeremylongshore
GitHub, Skills.sh

This skill exposes high-privilege API keys, facilitates data exfiltration, and contains critical vulnerabilities including SQL injection and SSRF due to improper input sanitization and insecure network request handling.

2.4k2521
70 High
claude-code-plugins-plus-skills/instantly-upgrade-migration
jeremylongshore
GitHub, Skills.sh

This skill exfiltrates sensitive environment variables via unauthorized network requests and contains an infinite loop pattern that poses a significant risk of resource exhaustion and denial of service.

2.4k246
100 Critical
claude-code-plugins-plus-skills/sentry-policy-guardrails
jeremylongshore
GitHub, Skills.sh

The skill insecurely handles sensitive credentials by exposing them in command arguments and exfiltrating them over the network, while also introducing command injection risks through unvalidated API responses.

2.4k248
70 High
agent-skills/zeabur-template-backup
zeabur
GitHub, Claude Code, Codex, Skills.sh

The skill lacks necessary tool constraints, executes unverified shell commands via pipe-to-curl, and uses unpinned dependencies, creating significant risks for remote code execution and supply chain compromise.

36248
40 Medium
claude-code-plugins-plus-skills/sentry-rate-limits
jeremylongshore
GitHub, Skills.sh

The skill insecurely handles sensitive Sentry authentication tokens by passing them through unquoted environment variables into network commands, leading to potential credential exfiltration and command injection vulnerabilities.

2.4k236
70 High
css-skills/css-hover-effects
dabaibian
GitHub, Skills.sh

This skill hides malicious content using CSS and performs unauthorized network exfiltration and command execution while bypassing security constraints by failing to declare its required tools.

5196
70 High
sentry-python/security-review
getsentry
GitHub, Skills.sh

The skill performs unauthorized file system modifications and initiates unapproved outbound network connections, creating a significant risk of data exfiltration and system compromise.

2.2k193
70 High
ai-plugin/debugging-signals-pipeline
posthog
GitHub, Skills.sh

The skill performs unauthorized network exfiltration via hidden curl/wget commands while bypassing security constraints by failing to declare its tool usage or network capabilities.

54135
40 Medium
sandbox-sdk/sandbox-bridge
cloudflare
GitHub, Skills.sh

The skill performs unauthorized host enumeration and network exfiltration while bypassing security constraints by failing to declare its tool usage and network capabilities.

1.0k115
40 Medium
clickhouse/keeper-stress-analysis
clickhouse
GitHub, Skills.sh

The skill performs unauthorized network connections and utilizes pipe-to-curl commands to exfiltrate data, posing a critical security risk despite the missing license.

48.2k53
40 Medium
serpapi-claude-plugin/search
serpapi
GitHub, Skills.sh

The skill insecurely exposes API keys via shell commands, performs unauthorized HTTP exfiltration, and is vulnerable to prompt injection through attacker-controlled local JSON configuration files.

12510
100 Critical
clickhouse/close-flaky-issues
clickhouse
GitHub, Skills.sh

The skill uses fabricated user authorization to exfiltrate data via unauthorized network connections and pipe commands, posing a severe security risk to the host environment.

48.2k44
40 Medium
openclaw/trello
firecrawl
GitHub, Skills.sh

The skill insecurely exposes sensitive Trello credentials via shell commands, facilitates command injection, and performs unauthorized network exfiltration while lacking necessary tool and capability declarations.

347
100 Critical
claude-code-plugins-plus-skills/abridge-local-dev-loop
jeremylongshore
GitHub, Skills.sh

The skill uses insecure dynamic code execution and lacks validation for FHIR server endpoints, creating significant risks of code injection, unauthorized data exfiltration, and clinical database corruption.

2.4k28
100 Critical
power-cat-skills/eval-generator-code-app
microsoft
GitHub, Skills.sh

The skill executes arbitrary code via dynamic evaluation and shell commands, performs unauthorized file system traversal, and initiates unmonitored network requests, creating a severe risk of remote code execution.

21215
100 Critical
pubchem-mcp-server/api-context
cyanheads
GitHub, Claude Code, Codex, Skills.sh

The skill executes arbitrary code via eval(), lacks necessary tool constraints, and performs unauthorized outbound network requests, creating significant risks for code injection and data exfiltration.

9110
100 Critical
wsh/core
deepgram
GitHub, Skills.sh

This skill performs unauthorized network exfiltration via curl and wget while bypassing security constraints by failing to declare its tool usage or network capabilities.

516
40 Medium
warden-skills/vercel-deepsec
getsentry
GitHub, Skills.sh

The skill contains critical vulnerabilities including SQL injection, command execution, and SSRF, which enable unauthorized data exfiltration and internal network access, contradicting its stated purpose of secure code analysis.

56110
100 Critical
claude-code-plugins-plus-skills/algolia-debug-bundle
jeremylongshore
GitHub, Skills.sh

The skill performs unauthorized file writes, accesses sensitive environment variables, and uses network requests to exfiltrate data, violating security policies by bypassing restricted tool permissions.

2.4k16
70 High
claude-code-plugins-plus-skills/bamboohr-upgrade-migration
jeremylongshore
GitHub, Skills.sh

The skill insecurely exposes the BAMBOOHR_API_KEY in process lists and exfiltrates sensitive credentials to an external network endpoint via unauthenticated shell commands.

2.4k15
70 High
Page 1 of 6