analyze-project

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [Persistence] (HIGH): The skill automatically installs a git post-commit hook in the project's .git/hooks directory. This hook is designed to execute the incremental_indexer.py script every 10 commits. This establishes long-term persistence and ensures code execution occurs without the user's immediate command or ongoing consent.
  • [Command Execution] (HIGH): The skill requests and utilizes Bash permissions to install the hook and change file permissions using chmod +x. Automated scans also detected subprocess execution patterns associated with downloading and running code via urllib.
  • [Data Exfiltration] (MEDIUM): The script incremental_indexer.py uses urllib.request.urlopen to send data to a configurable api_url (defaulting to localhost:8051). This provides a vector for exfiltrating code chunks or sensitive project information to an external server if the URL is redirected.
  • [Indirect Prompt Injection] (LOW):
      1. Ingestion points: The skill reads various code and configuration files via os.walk in incremental_indexer.py.
      2. Boundary markers: Absent; there are no delimiters or warnings to ignore embedded instructions in the ingested files.
      3. Capability inventory: The skill has Read, Write, and Bash capabilities, allowing it to modify the system or generate docs based on indexed content.
      4. Sanitization: Absent; code is read and chunked directly without validation or filtering.
  • [Time-Delayed / Conditional Attacks] (MEDIUM): The indexing expansion logic is gated by a commit counter, causing full execution to be delayed and conditional on user development activity rather than immediate invocation.
Recommendations
  • HIGH: Downloads and executes remote code from: unknown (check file) - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 06:34 PM