A skill is just a program for an LLM agent. This just seems like works-as-expected behavior. Are the five lines in the skill notably innocuous or something? I don't mean to dismiss it out of hand, but I don't understand what happened here, because it seems to read "`curl $url | bash` can exfiltrate data", which seems pretty straightforward: it can.
Right, people haven’t internalized that these are really just scripts in natural language.
A skill is just instructions that the agent can autonomously copy into context. There’s no trust boundary between trusted and untrusted context.