The Agent Skills Directory

Indirect Prompt Injection (HIGH): The skill processes untrusted external data which could contain malicious instructions designed to hijack the agent.\n
Ingestion points: scripts/scan_secrets.py reads content from arbitrary files in the target directory using open().\n
Boundary markers: Absent. Content from scanned files is presented to the agent without delimiters or instructions to ignore embedded commands.\n
Capability inventory: scripts/safe_pack.py has the ability to execute external commands via subprocess.run(['repomix', ...]) and sys.executable.\n
Sanitization: Absent. The script extracts raw matches and context strings from files.\n- Credentials Exposure (HIGH): The skill is explicitly designed to locate and extract high-value secrets (AWS keys, Stripe keys, Private keys).\n
Evidence: scripts/scan_secrets.py contains regex patterns for various credentials and prints them to stdout, placing sensitive data directly into the agent's context window.\n- Command Execution (MEDIUM): The skill executes external tools based on user-provided directory paths and configuration.\n
Evidence: scripts/safe_pack.py uses subprocess.run to call repomix. While it uses an argument list rather than a shell string, control over pathnames and configuration files could potentially influence the execution environment.

repomix-safe-mixer