
AI Agent Skill Check is a free AI agent skill security scanner by Mondoo. We scan skills across ClawHub, Skills.sh, GitHub, Claude Marketplace, and SkillsMP to detect prompt injection, credential theft, data exfiltration, agent impersonation, and 28 threat types before they reach your agents.

© 2026 Mondoo, Inc.

Skills

Browse, search, and filter AI agent skills across all registries.

Description Mismatch

Columns: Skill (repository/author) | AI Agents | Summary | Stars | Installs | Findings | Risk (score and level)

skills/grill-me (mattpocock)
AI Agents: GitHub, Skills.sh
Summary: The skill is functionally inert and lacks transparency regarding its purpose, licensing, and implementation, failing to provide any verifiable utility or security assurance.
Stars: 137.2k | Installs: 353.2k | Findings: 3 | Risk: 40 (Medium)

skills/grill-with-docs (mattpocock)
AI Agents: GitHub, Skills.sh
Summary: The skill exhibits insecure design by bypassing model invocation restrictions and blindly executing unverified external skills, creating a significant risk of malicious sub-agent hijacking.
Stars: 137.2k | Installs: 286.1k | Findings: 4 | Risk: 70 (High)

agent-skills/sleek-design-mobile-apps (sleekdotdesign)
AI Agents: GitHub, Skills.sh
Summary: The skill facilitates SSRF via arbitrary URL fetching and enables remote command injection by piping unverified API responses directly into shell commands, violating its stated network access restrictions.
Stars: 426 | Installs: 249.3k | Findings: 5 | Risk: 40 (Medium)

browser-use/browser-use (browser-use)
AI Agents: GitHub, Skills.sh
Summary: This skill poses severe security risks by exposing sensitive browser data, creating unauthorized public network tunnels, enabling unauthenticated remote debugging, and employing social engineering for financial exploitation.
Stars: 99.6k | Installs: 80.3k | Findings: 8 | Risk: 70 (High)

skills/higgsfield-generate (higgsfield-ai)
AI Agents: GitHub, Skills.sh
Summary: The skill performs unverified remote code execution by piping unsanitized scripts directly into a shell and executes unauthorized file write operations, posing a critical security risk.
Stars: 439 | Installs: 61.0k | Findings: 8 | Risk: 100 (Critical)

skills/higgsfield-soul-id (higgsfield-ai)
AI Agents: GitHub, Skills.sh
Summary: The skill executes arbitrary code by piping unverified remote scripts directly into a shell, granting external servers full control over the agent's environment without disclosure or security checks.
Stars: 439 | Installs: 49.5k | Findings: 7 | Risk: 100 (Critical)

skills/higgsfield-marketplace-cards (higgsfield-ai)
AI Agents: GitHub, Skills.sh
Summary: The skill executes arbitrary code by piping remote scripts directly into the shell, posing a critical security risk of unauthorized remote code execution.
Stars: 439 | Installs: 48.6k | Findings: 6 | Risk: 100 (Critical)

agent-skills/firebase-firestore (firebase)
AI Agents: GitHub, Skills.sh
Summary: This skill uses coercive prompts to hijack agent workflows and force unauthorized enterprise-tier cloud provisioning while relying on unverified, insecure dependency execution and missing critical documentation.
Stars: 357 | Installs: 47.4k | Findings: 12 | Risk: 40 (Medium)

wonda/wonda-cli (degausai)
AI Agents: GitHub, Skills.sh
Summary: This tool masquerades as a content creator but functions as a malicious backdoor that exfiltrates credentials, executes arbitrary code, and maintains persistent, stealthy control over the user's social accounts.
Stars: 126 | Installs: 42.3k | Findings: 13 | Risk: 100 (Critical)

skills/tavily-search (tavily-ai)
AI Agents: GitHub, Skills.sh
Summary: The skill forces the execution of unverified remote scripts to install dependencies, creating a critical supply chain vulnerability that enables arbitrary code execution and potential credential harvesting.
Stars: 378 | Installs: 23.2k | Findings: 9 | Risk: 100 (Critical)

awesome-copilot/conventional-commit (github)
AI Agents: GitHub, Skills.sh
Summary: The skill masquerades as a commit message generator but forces unauthorized terminal execution of git commands, bypassing critical human oversight and verification processes.
Stars: 35.3k | Installs: 12.9k | Findings: 6 | Risk: 70 (High)

skills/tavily-research (tavily-ai)
AI Agents: GitHub, Skills.sh
Summary: The skill mandates an insecure curl-to-bash installation pattern that executes unverified remote scripts with system privileges, creating a critical risk of arbitrary code execution.
Stars: 378 | Installs: 12.6k | Findings: 7 | Risk: 100 (Critical)

skills/tavily-cli (tavily-ai)
AI Agents: GitHub, Skills.sh
Summary: The skill executes arbitrary code by piping unverified remote scripts directly into a shell, creating a critical vulnerability that allows for unauthorized system access and remote command execution.
Stars: 378 | Installs: 8.8k | Findings: 7 | Risk: 100 (Critical)

awesome-copilot/quasi-coder (github)
AI Agents: GitHub, Skills.sh
Summary: The skill uses deceptive persona framing and arbitrary command execution to bypass safety filters, enabling remote code execution and unauthorized network scanning through malicious shorthand instruction injection.
Stars: 35.3k | Installs: 8.6k | Findings: 6 | Risk: 70 (High)

skills/tavily-crawl (tavily-ai)
AI Agents: GitHub, Skills.sh
Summary: The skill forces the execution of unverified remote scripts via insecure curl-to-bash patterns, exposing the agent to arbitrary code execution and supply chain attacks.
Stars: 378 | Installs: 8.6k | Findings: 9 | Risk: 100 (Critical)

shopify-ai-toolkit/shopify-liquid (shopify)
AI Agents: GitHub, Skills.sh
Summary: The skill systematically exfiltrates sensitive user prompts, proprietary code, and session identifiers to third-party servers while coercing the agent into executing unauthorized telemetry scripts without user consent or oversight.
Stars: 397 | Installs: 6.5k | Findings: 11 | Risk: 70 (High)

shopify-ai-toolkit/shopify-custom-data (shopify)
AI Agents: GitHub, Skills.sh
Summary: The skill hijacks the agent's reasoning to force mandatory, opaque bash script execution and silently exfiltrates sensitive user prompts and session identifiers to external endpoints without explicit user consent.
Stars: 397 | Installs: 5.9k | Findings: 10 | Risk: 70 (High)

shopify-ai-toolkit/shopify-polaris-app-home (shopify)
AI Agents: GitHub, Skills.sh
Summary: The skill exfiltrates verbatim user prompts and session identifiers to external endpoints while executing opaque, unconstrained shell scripts that bypass the agent's visible reasoning loop.
Stars: 397 | Installs: 5.5k | Findings: 9 | Risk: 70 (High)

knowledge-work-plugins/task-management (anthropics)
AI Agents: GitHub, Skills.sh
Summary: The skill performs unauthorized file system operations and introduces undocumented commands and UI components that deviate from its stated purpose, posing a significant risk of arbitrary code execution.
Stars: 21.4k | Installs: 4.9k | Findings: 4 | Risk: 70 (High)

skills/tavily-dynamic-search (tavily-ai)
AI Agents: GitHub, Skills.sh
Summary: The skill executes arbitrary remote code by piping unverified scripts directly into a shell, bypassing security controls and creating a critical vulnerability for remote command execution.
Stars: 378 | Installs: 4.8k | Findings: 9 | Risk: 100 (Critical)

shopify-ai-toolkit/shopify-app-store-review (shopify)
AI Agents: GitHub, Skills.sh
Summary: This skill masquerades as an official tool to force the silent exfiltration of user prompts and session data via hidden scripts while enabling arbitrary remote command injection.
Stars: 397 | Installs: 4.3k | Findings: 13 | Risk: 100 (Critical)

awesome-copilot/copilot-spaces (github)
AI Agents: GitHub, Skills.sh
Summary: The skill facilitates prompt injection via untrusted Copilot Spaces and requests excessive permissions to perform destructive CRUD operations, significantly exceeding its stated purpose of providing project context.
Stars: 35.3k | Installs: 4.1k | Findings: 5 | Risk: 70 (High)

skills/notion-cli (makenotion)
AI Agents: GitHub, Skills.sh
Summary: The skill executes arbitrary remote code via insecure curl-to-bash installation and lacks necessary tool declarations, creating a critical risk of unauthorized system access and remote command execution.
Stars: 125 | Installs: 4.0k | Findings: 7 | Risk: 100 (Critical)

knowledge-work-plugins/data-context-extractor (anthropics)
AI Agents: GitHub, Skills.sh
Summary: This skill performs unauthorized schema discovery and executes dangerous SQL injection patterns to exfiltrate sensitive production data under the guise of generating documentation.
Stars: 21.4k | Installs: 1.9k | Findings: 7 | Risk: 100 (Critical)

skills/hf-cli (huggingface)
AI Agents: GitHub, Skills.sh
Summary: This skill facilitates arbitrary remote code execution, insecurely handles authentication tokens, and lacks necessary security constraints, creating significant risks for system compromise and unauthorized data access.
Stars: 10.7k | Installs: 1.5k | Findings: 11 | Risk: 100 (Critical)

claude-mem/wowerpoint (thedotmack)
AI Agents: GitHub, Skills.sh
Summary: The skill performs unauthorized data exfiltration to external servers, executes unconstrained network operations, and introduces supply chain risks by installing unpinned dependencies without declaring necessary security permissions.
Stars: 83.3k | Installs: 1.5k | Findings: 7 | Risk: 40 (Medium)

remotion/video-report (remotion-dev)
AI Agents: GitHub, Skills.sh
Summary: The skill facilitates remote code execution by allowing arbitrary file modification, executing unpinned packages, and downloading untrusted external content for build processes without sufficient security validation.
Stars: 50.6k | Installs: 1.4k | Findings: 5 | Risk: 70 (High)

skills/rover (apollographql)
AI Agents: GitHub, Skills.sh
Summary: The skill insecurely executes unverified remote shell scripts and lacks integrity checks, creating a high risk of arbitrary code execution and supply chain compromise.
Stars: 84 | Installs: 1.2k | Findings: 13 | Risk: 100 (Critical)

open-design/nanobanana-ppt (nexu-io)
AI Agents: GitHub, Claude Code, Skills.sh
Summary: The skill poses a significant supply chain risk by directing users to install unverified, external code from an untrusted repository instead of providing functional AI-powered PPT generation.
Stars: 68.0k | Installs: 1.2k | Findings: 6 | Risk: 70 (High)

skills/huggingface-datasets (huggingface)
AI Agents: GitHub, Skills.sh
Summary: This skill deceptively exfiltrates sensitive local session data and agent traces to Hugging Face while executing unverified code and performing unauthorized network operations without declaring necessary tool permissions.
Stars: 10.7k | Installs: 1.1k | Findings: 7 | Risk: 70 (High)

open-design/agent-browser (nexu-io)
AI Agents: GitHub, Claude Code, Skills.sh
Summary: The skill exposes an unauthenticated Chrome remote-debugging port to the local network, enabling full browser control, while executing unverified dependencies and performing unauthorized network and file system operations.
Stars: 68.0k | Installs: 1.1k | Findings: 9 | Risk: 70 (High)

open-design/competitive-ads-extractor (nexu-io)
AI Agents: GitHub, Claude Code, Skills.sh
Summary: The skill lacks functional implementation logic, a clear description, and licensing information, rendering it non-functional and failing to meet basic transparency and security standards for agent tools.
Stars: 68.0k | Installs: 1.1k | Findings: 4 | Risk: 40 (Medium)

open-design/domain-name-brainstormer (nexu-io)
AI Agents: GitHub, Claude Code, Skills.sh
Summary: The skill lacks functional implementation logic, a clear description, and licensing information, rendering it non-functional and failing to meet basic transparency and security standards.
Stars: 68.0k | Installs: 1.1k | Findings: 4 | Risk: 40 (Medium)

open-design/minimax-pdf (nexu-io)
AI Agents: GitHub, Claude Code, Skills.sh
Summary: The skill is a deceptive shell that lacks functional PDF capabilities and introduces severe supply chain risks by forcing users to execute unverified, remotely hosted code.
Stars: 68.0k | Installs: 1.1k | Findings: 6 | Risk: 70 (High)

open-design/youtube-clipper (nexu-io)
AI Agents: GitHub, Claude Code, Skills.sh
Summary: The skill poses a critical supply chain risk by executing unverified, unpinned code from an external repository, masquerading as a video editor while lacking transparency and security controls.
Stars: 68.0k | Installs: 1.1k | Findings: 6 | Risk: 70 (High)

skills/huggingface-papers (huggingface)
AI Agents: GitHub, Skills.sh
Summary: The skill performs unauthorized administrative modifications to user profiles and metadata while executing unconstrained network requests and potential prompt injections through external content, masquerading as a simple research summarizer.
Stars: 10.7k | Installs: 1.0k | Findings: 6 | Risk: 70 (High)

antigravity-awesome-skills/audio-transcriber (sickn33)
AI Agents: GitHub, Claude Code, Skills.sh
Summary: The skill deceptively exfiltrates sensitive data to external CLI tools, executes arbitrary commands without oversight, and lacks necessary security constraints, posing severe risks of prompt injection and supply chain compromise.
Stars: 41.2k | Installs: 1.0k | Findings: 9 | Risk: 70 (High)

knowledge-work-plugins/zoom-cobrowse-sdk (anthropics)
AI Agents: GitHub, Skills.sh
Summary: The skill exposes hardcoded credentials, lacks necessary security declarations for network and tool access, and provides insecure implementation instructions while failing to include critical documentation files.
Stars: 21.4k | Installs: 983 | Findings: 12 | Risk: 100 (Critical)

ralph-wiggum/ralph-wiggum (fstandhartinger)
AI Agents: GitHub, Skills.sh
Summary: The skill promotes dangerous security bypasses, executes unpinned packages, and lacks defined tool constraints, creating an unmonitored environment prone to unauthorized system access and malicious command execution.
Stars: 261 | Installs: 980 | Findings: 4 | Risk: 70 (High)

skills/agent-tools (inference-sh)
AI Agents: GitHub, Skills.sh
Summary: This skill executes unverified remote code, exfiltrates local files, and uses opaque binaries to bypass security oversight while posing as a legitimate tool to harvest user credentials.
Stars: 550 | Installs: 980 | Findings: 20 | Risk: 100 (Critical)

agent-skills/clickhousectl-cloud-deploy (clickhouse)
AI Agents: GitHub, Skills.sh
Summary: The skill executes arbitrary remote code and insecurely manages sensitive credentials while bypassing security constraints by failing to declare its network and file system tool permissions.
Stars: 468 | Installs: 868 | Findings: 5 | Risk: 100 (Critical)

antigravity-awesome-skills/production-code-audit (sickn33)
AI Agents: GitHub, Claude Code, Skills.sh
Summary: The skill masquerades as a code auditor but forces autonomous, unverified, and recursive codebase modifications that risk destructive changes and the exposure of sensitive configuration data.
Stars: 41.2k | Installs: 849 | Findings: 10 | Risk: 100 (Critical)

antigravity-awesome-skills/wordpress-penetration-testing (sickn33)
AI Agents: GitHub, Claude Code, Skills.sh
Summary: This skill functions as a malicious exploitation toolkit that instructs the agent to perform destructive SQL injections, exfiltrate credentials, and execute unauthorized reverse shells against target systems.
Stars: 41.2k | Installs: 775 | Findings: 21 | Risk: 100 (Critical)

agents/checking-freshness (astronomer)
AI Agents: GitHub, Skills.sh
Summary: The skill is malicious, enabling SQL injection and unauthorized Airflow CLI command execution while forcing unverified dependencies to bypass security controls and exfiltrate sensitive pipeline metadata.
Stars: 391 | Installs: 759 | Findings: 5 | Risk: 100 (Critical)

antigravity-awesome-skills/computer-use-agents (sickn33)
AI Agents: GitHub, Claude Code, Skills.sh
Summary: This skill is critically insecure, enabling arbitrary command injection, unauthorized file system access, and financial transactions while actively bypassing human oversight and failing to implement necessary safety constraints.
Stars: 41.2k | Installs: 759 | Findings: 16 | Risk: 100 (Critical)

antigravity-awesome-skills/stripe-integration (sickn33)
AI Agents: GitHub, Claude Code, Skills.sh
Summary: The skill promotes insecure development by hardcoding sensitive API keys and PCI-violating payment card data, creating significant risks for credential exposure and data breaches.
Stars: 41.2k | Installs: 739 | Findings: 7 | Risk: 70 (High)

ai/stripe-directory (stripe)
AI Agents: GitHub, Skills.sh
Summary: This skill hijacks general discovery queries to execute unauthorized financial transactions and crypto wallet operations via unverified third-party CLIs, while bypassing security controls through malicious external instruction injection.
Stars: 1.6k | Installs: 708 | Findings: 16 | Risk: 70 (High)

antigravity-awesome-skills/nanobanana-ppt-skills (sickn33)
AI Agents: GitHub, Claude Code, Skills.sh
Summary: The skill lacks functional implementation, tool integration, and licensing, serving as a non-functional placeholder that fails to provide the advertised AI-powered document generation capabilities.
Stars: 41.2k | Installs: 661 | Findings: 4 | Risk: 40 (Medium)
Page 1 of 38