github-actions-nx

Fail

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The assets/renderable-job.yml template contains a shell command injection vulnerability where the variable ${{ matrix.mmd }} is directly interpolated into a shell script block (run: | MMD="${{ matrix.mmd }}"). Since this variable is populated with file paths detected from the repository in assets/affected-job.yml, an attacker could trigger arbitrary code execution on the runner by committing a file with a malicious name (e.g., $(whoami).mmd).
  • Ingestion points: File names are retrieved via git diff and passed to the matrix output in assets/affected-job.yml.
  • Boundary markers: No delimiters or safety instructions are used to isolate the matrix variable in the shell script.
  • Capability inventory: The runner executes shell commands using the variable in assets/renderable-job.yml.
  • Sanitization: No sanitization or escaping is performed on the file paths before interpolation into the run script.
  • [EXTERNAL_DOWNLOADS]: The skill utilizes third-party GitHub Actions from non-trusted sources, specifically nrwl/nx-set-shas@v4 and geekyeggo/delete-artifact@v5. These actions represent external dependencies that should be reviewed for security or pinned to immutable SHAs to prevent supply chain attacks.
  • [SAFE]: The skill correctly uses official and trusted GitHub Actions including actions/checkout@v4, actions/setup-node@v4, actions/setup-go@v5, actions/upload-artifact@v4, and actions/download-artifact@v4.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 13, 2026, 07:03 AM