github-repo-auditor

Fail

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script in src/index.ts (line 23) constructs a shell command by concatenating the ORG variable directly into a string passed to execSync. This ORG value is retrieved from a configuration file (knowledge/confidential/context/github-repo-auditor/config.json). If an attacker can modify the contents of this configuration file, they can achieve arbitrary command execution on the host system.
  • [REMOTE_CODE_EXECUTION]: The inclusion of unsanitized input into execSync allows for the execution of arbitrary system commands, which represents a critical remote code execution vector if the configuration source is externally influenced.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8). Ingestion points: Untrusted repository names and descriptions are retrieved from the GitHub CLI output in src/index.ts and analyzed in src/lib.ts. Boundary markers: None; the skill does not wrap the external repository data in delimiters or provide instructions to ignore embedded commands. Capability inventory: The skill has system-level execution capabilities through execSync. Sanitization: There is no evidence of sanitization or validation of the repository data before it is processed for classification or written to the final audit report in work/github_audit_report.json.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 4, 2026, 11:06 PM