AGENT LAB: SKILLS
skills/boshu2/agentops/complexity/Gen Agent Trust Hub

complexity

Warn

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill installs two external packages: radon via pip and gocyclo via go install. These are fetched from public registries (PyPI and GitHub) that are not on the trusted sources list, which poses a supply chain risk since the agent executes code from these external sources at runtime.
  • COMMAND_EXECUTION (MEDIUM): The skill executes shell commands like radon cc <path> where <path> is directly interpolated from user input or file system discovery. The absence of path sanitization allows for command injection if a directory or file name contains shell metacharacters such as semicolons or pipes.
  • PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection. Ingestion points: file paths extracted from git diff and user-provided arguments. Boundary markers: Absent. Capability inventory: Shell execution (pip, go, radon, gocyclo) across multiple steps in SKILL.md. Sanitization: None observed. An attacker could potentially influence agent behavior by creating maliciously named files in a repository.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 18, 2026, 04:11 AM