web-interface-guidelines-review

Fail

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The Node.js scripts in the skill use child_process.execSync to run ripgrep. The inputGlob variable is taken from a user-controlled command line argument (process.argv[2]) and interpolated into the command string without any validation or escaping. Because execSync hands that string to /bin/sh, shell metacharacters in the glob (quotes, ;, $(...), backticks) terminate the rg argument and start a new command, so anyone who controls the argument can execute arbitrary system commands with the privileges of the script.
  • [COMMAND_EXECUTION]: The skill requires administrative privileges for installation, recommending the use of sudo apt-get install. Spawning processes with elevated privileges increases the potential impact of command injection or malicious script execution.
  • [EXTERNAL_DOWNLOADS]: The skill guides the user to download and install external packages (ripgrep, nodejs, npm) from system package repositories. While these are trusted sources, the installation of external binaries contributes to the overall attack surface of the environment.
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by processing external data with high-privilege capabilities.
    • Ingestion points: The rg tool and Node.js scripts ingest the contents of local source files (Vue, JS, HTML, CSS) which may be attacker-controlled in shared or CI environments.
    • Boundary markers: No delimiters or instructions to ignore embedded commands are used when reading or processing these files.
    • Capability inventory: The skill has the capability to spawn subprocesses via execSync and write to the local filesystem (ui-guidelines-report.txt).
    • Sanitization: There is no validation, escaping, or sanitization of the file contents before they are processed by the scripts or emitted as output.
Recommendations
  • AI detected serious security threats. Based on the findings above: replace execSync with a non-shell API (execFileSync or spawn with an argument array) and validate the glob against an allowlist before passing it to ripgrep; do not run the skill's scripts with elevated privileges, and limit sudo to the package installation step; treat the contents of the scanned source files as untrusted data rather than instructions when the output is handed to an agent.
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 1, 2026, 04:36 AM