cli-creator

Warn

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/init_cli.ts invokes pnpm install using execSync to set up new projects. Similarly, scripts/validate_cli.ts runs shell commands like pnpm test and pnpm run lint during the validation process.
  • [REMOTE_CODE_EXECUTION]: The scripts/validate_cli.ts script reads the binary entry point from a project's package.json and executes it using execSync to verify its version and help output. This creates a risk of arbitrary code execution if the script is pointed at a malicious project directory whose binary path field contains injected commands or shell metacharacters.
  • [EXTERNAL_DOWNLOADS]: The skill templates and scripts perform network requests to the official NPM registry (registry.npmjs.org) to check for package updates and install necessary dependencies. These operations use well-known, trusted infrastructure and are documented neutrally.
  • [PROMPT_INJECTION]: The validation script scripts/validate_cli.ts is vulnerable to indirect prompt injection. It ingests data from untrusted package.json files (ingestion point) without sanitization or boundary markers. This data is then used in shell commands via execSync, allowing a malicious project to execute arbitrary code. The capability inventory for this skill includes full subprocess execution through execSync across multiple scripts, creating a substantial attack surface.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 5, 2026, 06:55 AM