mcp-server-builder

Warn

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The TypeScript implementation of the 'search_codebase' tool uses child_process.execSync to run ripgrep commands. While it attempts to escape single quotes in the user-provided search pattern, it does not sanitize other shell-active characters, leaving the system vulnerable to injection.
  • [COMMAND_EXECUTION]: The 'run_tests' tool in the TypeScript example performs direct string interpolation of the 'file_pattern' argument into an execSync call ('pnpm test ${args}'). This creates a shell injection vulnerability where an attacker can execute arbitrary system commands using separators like semicolons.
  • [COMMAND_EXECUTION]: The 'review_code' prompt template accepts a 'file_path' and reads the file using fs.readFile without validating or restricting the path. This allows an AI agent to potentially read any file accessible to the server process.
  • [REMOTE_CODE_EXECUTION]: The skill provides server templates designed to expose the local shell to an AI agent via tools. By including insecure implementation examples for these powerful capabilities, the skill increases the risk of unauthorized remote code execution if the templates are used in production without additional security hardening.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 10, 2026, 12:13 AM