The Agent Skills Directory

[COMMAND_EXECUTION]: The script scripts/change_scope_analyzer.py performs recursive file system traversal using os.walk on the path specified by the user. It identifies and reads the contents of all files matching a wide range of source code and configuration extensions.- [DATA_EXFILTRATION]: The score_file function in scripts/change_scope_analyzer.py reads file contents and extracts specific lines containing keywords related to authentication and configuration (e.g., 'password', 'token', 'auth'). These snippets are returned to the agent's output. If the tool is executed on sensitive directories (such as user home folders or configuration paths), it could expose credentials or private data through the agent's response.- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface (Category 8). * Ingestion points: The tool processes untrusted data from the --bug description argument and the content of files discovered in the file system. * Boundary markers: The output format (JSON/Text) does not provide delimiters or instructions for the agent to ignore potentially malicious instructions embedded in the analyzed code snippets. * Capability inventory: The skill has the capability to read and summarize any file accessible to the agent process. * Sanitization: There is no sanitization or escaping of the extracted code snippets before they are presented in the analysis output.

focused-fix