supply-chain-advisory

Pass

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses various shell commands such as find, grep, rg, and uv to audit the local file system, scan lockfiles, and check installed package metadata.
  • [CREDENTIALS_UNSAFE]: The incident response triage checklist includes a command to capture a snapshot of the shell environment (env > /tmp/env_snapshot_$(date +%s).txt). This action writes all environment variables—which often contain sensitive credentials, API keys, and cloud tokens—to a predictable local file, potentially exposing them to other local processes or users.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by ingesting and processing data from external, untrusted sources.
      ◦ Ingestion points: Package names, versions, and metadata are extracted from files such as uv.lock, requirements.txt, and .venv directory structures.
      ◦ Boundary markers: The skill does not implement delimiters or specific instructions to the agent to ignore or isolate content embedded within these processed files.
      ◦ Capability inventory: The agent performs automated file system searches and executes shell commands based on the package indicators found during ingestion.
      ◦ Sanitization: There is no evidence of sanitization or validation of the package strings or metadata before they are used to guide the agent's scanning and response actions.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 13, 2026, 11:26 PM