task-specification-creator
Warn
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The script "scripts/capture-screenshots.js" performs dynamic code generation by creating a temporary Node.js script (".capture-tmp.mjs") at runtime and executing it using "execSync". This is used to drive Playwright for automated screen captures. While this logic is part of the skill's core functionality, dynamic script execution is a powerful capability that increases the skill's attack surface.
- [COMMAND_EXECUTION]: Several workflow scripts, including "scripts/audit-unassigned-tasks.js", "scripts/generate-documentation-changelog.js", and "scripts/run-review-task.js", utilize "execSync" or "spawnSync" to execute shell commands such as "git" and various CLI runners. These operations are intended for auditing repository changes and facilitating AI-driven reviews.
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface: it ingests untrusted data from user requests and codebase comments (e.g., via "scripts/detect-unassigned-tasks.js") and interpolates that content into instructions for AI agents (e.g., in "agents/decompose-task.md") without clear boundary markers or delimiters. Adversarial instructions embedded in comments or requests could therefore influence the behavior of downstream agents. The capability inventory includes Bash, Write, and subprocess execution via "execSync". Sanitization is limited to basic character escaping in some scripts.