ruff-dev

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: CRITICAL

Tags: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • Remote Code Execution (CRITICAL): The file references/installation.md promotes the use of piped remote execution patterns: curl -LsSf https://astral.sh/ruff/install.sh | sh and powershell -c "irm https://astral.sh/ruff/install.ps1 | iex". These are critical security risks because they execute unverified remote code, and the source domain astral.sh is not included in the analyzer's list of Trusted External Sources.
  • Indirect Prompt Injection (HIGH): The skill exposes a significant vulnerability surface through its included maintenance scripts.
    • Ingestion points: scripts/discover_ruff_docs.py and scripts/bulk_scrape_ruff.py perform network requests to crawl and scrape content from docs.astral.sh.
    • Boundary markers: Absent.
    • Capability inventory: The scripts have network access and file-write capabilities (os.makedirs, open().write).
    • Sanitization: Absent. No sanitization or filtering is performed on the scraped content beyond basic HTML tag removal.
    • Severity reasoning: High risk because the ingestion of external data is paired with the capability to modify the local file system, so a compromise of the documentation source could influence the agent's environment.
  • Privilege Escalation (HIGH): references/installation.md suggests the use of sudo for system package installation (sudo zypper install python3-ruff), which involves unnecessary elevation of privileges.
  • Command Execution (LOW): The skill instructions frequently guide the agent to execute ruff commands. While this is the intended functionality, it relies on subprocess execution of a tool that is installed from an external source.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: CRITICAL
Analyzed: Feb 17, 2026, 12:42 AM