The Agent Skills Directory

[REMOTE_CODE_EXECUTION] (MEDIUM): The SKILL.md documentation provides explicit commands to execute scripts that are not included in the provided files: scripts/validate_navigation_tree.js and scripts/generate_routes.py. This poses a risk as it encourages the execution of unverified code that may be hallucinated by an agent or fetched from untrusted sources.
[COMMAND_EXECUTION] (LOW): The skill includes a CLI script (scripts/calculate_breadcrumbs.js) intended for local execution. This script uses the fs module to read local files provided via command-line arguments. While the script logic is benign, this represents a capability that could be misused to read sensitive data if the file path is attacker-controlled.
[INDIRECT_PROMPT_INJECTION] (LOW): The navigation configuration schema and processing scripts ingest external data (JSON/YAML). There is a minor risk of schema confusion or downstream logic manipulation if the agent processes untrusted external navigation configurations without proper validation, although the impact is largely limited to code generation.

implementing-navigation