skills/cerico/macfair/audit/Gen Agent Trust Hub

audit

Pass

Audited by Gen Agent Trust Hub on Feb 24, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands including pnpm audit, pnpm why, and pnpm update to identify and resolve vulnerabilities. These operations are essential for its stated function of auditing and maintaining Node.js project security.
  • [EXTERNAL_DOWNLOADS]: It facilitates downloads from the official npm registry and interacts with GitHub via the gh CLI. These actions target well-known, trusted services and organizations.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting untrusted data from package.json and audit logs.
      • Ingestion points: Untrusted data enters the context through package.json and the JSON output of pnpm audit.
      • Boundary markers: The skill lacks explicit markers or instructions to prevent the agent from being influenced by potentially malicious instructions hidden in package names or metadata.
      • Capability inventory: The skill has the ability to modify the local filesystem through pnpm update and perform network searches via gh.
      • Sanitization: There is no evidence of validation or sanitization of variables like package names before they are interpolated into shell commands.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 24, 2026, 12:30 PM