The Agent Skills Directory

[COMMAND_EXECUTION]: The script ai-code-stats.js uses execSync to run git commands with unsanitized file paths. Evidence: execGit(\"git show HEAD -- \"${filePath}\"\"). If a file in the repository is maliciously named with shell metacharacters, it could lead to arbitrary command execution when the script processes the commit history.\n- [COMMAND_EXECUTION]: The script is vulnerable to path traversal via the username command-line argument. Evidence: const userDir = path.join(projectRoot, 'AI-Generate', username); followed by fs.mkdirSync(userDir). A crafted username such as ../../ could allow the script to create directories and write report files outside of the intended project scope.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from the repository files. Ingestion points: File contents are read via fs.readFileSync in the isAIGeneratedFile and analyzeAIGeneratedSections functions in ai-code-stats.js. Boundary markers: There are no boundary markers or instructions to ignore embedded commands within the scanned files. Capability inventory: The skill has the ability to execute shell commands via execSync and perform file system operations. Sanitization: There is no sanitization or escaping of the content read from the files before processing it for markers.

ai-code-stats