nvr-open

Warn

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/open.sh accepts a LINE argument and interpolates it unvalidated into the nvr invocation as +"$LINE". Neovim (and nvr, which forwards its arguments to an already running Neovim server) treats +{command} as an Ex command to execute after the first file is loaded; +N is only the special case where that command is a bare line number. Anything other than digits is therefore run as an Ex command: passing :!touch /tmp/pwned instead of a line number executes touch through Neovim's :! shell escape, with the privileges of the user who owns the Neovim process. Shell quoting does not help here, because the value is already correctly quoted; the defect is that a value meant to be a number is accepted as a command. The fix is to accept LINE only when it is a positive decimal integer and refuse anything else.
  • [PROMPT_INJECTION]: The skill instructions direct the agent to extract line numbers from user requests or search results and hand them to the script. This is an indirect prompt injection vector: a file the agent reads or searches can contain text that leads the agent to pass a Neovim command string as the 'line number' argument, and nothing in the skill checks that the extracted value is numeric before it reaches the +"$LINE" sink described above.
  • [COMMAND_EXECUTION]: SKILL.md uses dynamic execution markers (e.g., !pwd and !$CLAUDE_PLUGIN_ROOT/scripts/nvr-discover) that run shell commands when the skill is loaded in order to populate documentation fields. This is an additional command execution surface: what actually runs depends on the environment the skill is loaded in (the current working directory and the value of $CLAUDE_PLUGIN_ROOT), so its safety rests on that environment's security posture rather than on anything in the skill itself.
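The following is an added example and is not code from the nvr-open skill or its scripts/open.sh. It covers both the +"$LINE" COMMAND_EXECUTION finding and the PROMPT_INJECTION finding above, since the same input check closes both paths: the agent may be tricked into producing a command string, but the script refuses anything that is not a positive decimal integer. The unsafe pattern the audit describes is shown beside the hardened form. The function names is_line_number, unsafe_open_cmd and safe_open_cmd, the sample file name README.md and the choice of nvr --remote-silent are assumptions for illustration; the nvr command line is printed rather than executed so the example runs without a Neovim server.

```shell
#!/bin/sh
# Added example, not the audited skill's scripts/open.sh. Demonstrates the
# +"$LINE" Ex-command sink and a hardened form that only lets a positive
# decimal integer follow "+". The nvr command line is printed, not executed.

# Return 0 if $1 is a positive decimal integer, 1 otherwise.
# Only digits are allowed, and at least one of them must be non-zero.
is_line_number() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;   # empty, or contains a non-digit character
  esac
  case "$1" in
    *[1-9]*) return 0 ;;       # all digits and not all zeros
  esac
  return 1
}

# UNSAFE: the pattern the finding describes. $2 is interpolated into the
# "+" argument unchecked, so ':!touch /tmp/pwned' becomes an Ex command
# that Neovim runs through its :! shell escape. Quoting is already correct
# here; the problem is semantic, not a quoting bug.
unsafe_open_cmd() {
  printf 'nvr --remote-silent +%s %s\n' "$2" "$1"
}

# HARDENED: fail closed on anything that is not a line number, and only
# then build the "+" argument. In a real script the final printf would be
# replaced by:  exec nvr --remote-silent "+$line" "$file"
safe_open_cmd() {
  file=$1
  line=$2
  if [ -z "$file" ]; then
    printf 'nvr-open: missing FILE argument\n' >&2
    return 2
  fi
  if [ -n "$line" ] && ! is_line_number "$line"; then
    printf 'nvr-open: LINE must be a positive integer, got: %s\n' "$line" >&2
    return 2
  fi
  if [ -n "$line" ]; then
    printf 'nvr --remote-silent +%s %s\n' "$line" "$file"
  else
    printf 'nvr --remote-silent %s\n' "$file"
  fi
}

# Demo (constructed inputs): a real line number passes, the injected
# "line number" from the audit is rejected before it can reach nvr.
safe_open_cmd README.md 42
safe_open_cmd README.md ':!touch /tmp/pwned' || echo "rejected (exit $?)"
```

The check is deliberately an allow-list (digits only) rather than a deny-list of dangerous characters: Ex has many ways to reach a shell (:!, :terminal, :call system(), :lua, ...), and enumerating them is a losing game, whereas "is this a positive integer" is the full specification of what the script is supposed to accept.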
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 28, 2026, 11:04 PM