faion-javascript-developer

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Categories: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • REMOTE_CODE_EXECUTION (HIGH): The file bun-runtime-simple/checklist.md recommends the command curl -fsSL https://bun.sh/install | bash. This is a critical remote code execution pattern that bypasses signature verification and executes an external script directly in the shell. While common for tool installation, the source is not in the pre-approved Trusted Sources list.
  • COMMAND_EXECUTION (MEDIUM): The skill provides instructions and examples for executing shell commands via Bun's native $ API and the agent's Bash tool (e.g., await $`ls -la` in bun-runtime-simple/README.md). While appropriate for a developer skill, it increases the impact of potential injections.
  • PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it ingests untrusted project data and possesses powerful write/execute capabilities.
      • Ingestion points: Read, Grep, and Glob tools are used to scan package.json and source code.
      • Boundary markers: Absent. The instructions do not specify delimiters or provide guidance to ignore instructions embedded within the analyzed code.
      • Capability inventory: Read, Write, Edit, Glob, Grep, Bash, Task, Skill.
      • Sanitization: Absent. There is no evidence of input validation or escaping for the data read from the filesystem before it is processed by the agent.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 06:24 PM