The Agent Skills Directory

[Prompt Injection] (MEDIUM): The 'SKILL.md' file includes a 'MANDATORY' workflow section that attempts to constrain agent behavior and force the use of specific external agents ('fuse-ai-pilot') and tools, bypassing standard decision-making processes.
[Unverifiable Dependencies & Remote Code Execution] (HIGH): Automated scanners (URLite) identified a malicious phishing URL in the 'teams.md' reference file. Such links are used to harvest developer credentials or redirect to malicious payload sites. The skill also relies on 'composer install' for third-party code fetching.
[Privilege Escalation] (HIGH): The 'DeployScript.sh.md' template contains shell scripts that utilize 'sudo' for service management. Additionally, the 'SuperAdminSetup.php.md' template provides instructions for implementing a global 'Gate::before' bypass, which effectively neutralizes all authorization checks for specific roles.
[Indirect Prompt Injection] (HIGH):
Ingestion points: The skill ingests codebase patterns and user requirements (untrusted data) to generate authorization logic.
Boundary markers: Absent. The templates do not provide delimiters or instructions to ignore embedded commands in the analyzed code.
Capability inventory: Templates include high-privilege shell script execution ('deploy.sh'), database migrations ('php artisan migrate'), and the ability to modify critical application security guards.
Sanitization: No sanitization or validation logic is provided in the templates for handling user-supplied role or permission names.
[Persistence Mechanisms] (LOW): The 'DeployScript.sh.md' template modifies deployment states and restarts services, which while standard for deployment, provides a surface for persistent unauthorized changes if the script is compromised.

laravel-permission