The Agent Skills Directory

[COMMAND_EXECUTION]: The template-formula command in the justfile is vulnerable to shell command injection. The variable {{json}} is interpolated directly into a Node.js script inside backticks without escaping. An attacker can use backticks to terminate the string early and execute arbitrary JavaScript, which can be leveraged to run system commands on the developer's machine.
[REMOTE_CODE_EXECUTION]: Automated security scans identified a pattern where remote archives are downloaded and piped to a shell. While the documentation in SKILL.md intends to demonstrate SHA256 calculation using shasum, the presence of such command patterns in research instructions presents a high risk of executing untrusted code if the command is modified or misapplied.
[EXTERNAL_DOWNLOADS]: The skill documentation and research checklists frequently suggest using curl and the GitHub CLI (gh api) to retrieve metadata and source tarballs from external repositories. These operations fetch untrusted content from remote sources that is processed by the agent.
[DATA_EXFILTRATION]: The formula generation pipeline explicitly disables character escaping and does not validate the content of command strings provided in the input JSON. This creates a risk of generating Homebrew formulas that perform unauthorized operations, such as exfiltrating environment variables or sensitive local files, during the installation or testing phases.

pkgmgr-homebrew-formula-dev