acc-create-gitlab-ci

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: CRITICAL
Tags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • Remote Code Execution (CRITICAL): The template in references/templates.md contains the command `curl -sS https://getcomposer.org/installer | php`. This pattern downloads a script from the internet and executes it immediately. Because the source is not in the trusted list and the script is piped directly to the PHP interpreter without hash verification, it constitutes a critical remote execution risk.
  • Indirect Prompt Injection (HIGH): The skill is designed to ingest and analyze untrusted external project files to generate CI/CD configurations which are then executed.
      ◦ Ingestion points: The skill explicitly reads composer.json, existing .gitlab-ci.yml files, and Dockerfiles from the target project.
      ◦ Boundary markers: There are no instructions in SKILL.md to use delimiters or ignore embedded instructions when processing these files.
      ◦ Capability inventory: The skill generates highly privileged configurations that execute shell commands, manage Docker containers, and perform SSH-based deployments.
      ◦ Sanitization: No sanitization or validation logic is specified to prevent malicious content in project metadata from influencing the generated pipeline code.
  • Command Execution (MEDIUM): The generated deployment jobs in references/templates.md use `ssh -o StrictHostKeyChecking=no`. This practice disables server identity verification, making the deployment pipeline vulnerable to Man-in-the-Middle (MITM) attacks when connecting to staging or production hosts.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 16, 2026, 09:34 AM