content-repurposing

The skill declares `Bash(infsh *)` in its manifest as an allowed tool. This grants the AI agent permission to execute *any* command starting with `infsh` with *any* arguments. The `infsh` CLI is a platform for running various applications, which can have diverse and potentially powerful capabilities (e.g., interacting with social media, generating content, or potentially accessing external services). This broad permission creates a significant attack surface. If the skill were to construct `infsh` commands using untrusted user input, it could lead to various exploits, including: - **Command Injection:** If `infsh` or an `infsh` app allows arbitrary command execution via its arguments. - **Data Exfiltration:** If an `infsh` app can access or transmit sensitive data (e.g., local files, environment variables, or API responses). - **Malicious Actions:** Performing undesirable actions via `infsh` apps (e.g., posting spam to social media via `x/post-create` as shown in the examples, or interacting with other external services). The `*` wildcard makes this permission highly permissive and dangerous, as it does not restrict the specific `infsh` subcommands or applications that can be run.