AGENT LAB: SKILLS

base44-cli

Pass

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: SAFE
Tags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [Remote Code Execution] (LOW): The skill documentation directs the AI agent to execute the base44 CLI using npx and install the @base44/sdk package. These operations download and execute code from the NPM registry. While standard for the tool's functionality, the package source is not on the pre-approved trusted organizations list. Evidence: references/create.md, references/functions-create.md.
  • [Prompt Injection] (LOW): The skill enables the management of AI agent configurations, including free-text behavioral instructions, through local files (base44/agents/*.jsonc). This creates an attack surface for Indirect Prompt Injection where malicious content in these files could override agent behavior.
      1. Ingestion points: base44/agents/ directory (references/agents-push.md).
      2. Boundary markers: No explicit sanitization or delimiters for the instructions field are mentioned.
      3. Capability inventory: The push and deploy commands synchronize these instructions to production AI agents (references/deploy.md).
      4. Sanitization: Not specified in the reference documentation.
  • [Command Execution] (LOW): The documentation describes several powerful CLI commands including deploy, eject, and functions deploy. These commands can modify cloud resources, download project code, and execute build scripts locally. Evidence: references/deploy.md, references/eject.md.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 19, 2026, 05:44 PM