code-analyze

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill is vulnerable to indirect injection because it processes untrusted project files and uses them in command execution.
      - Ingestion points: The skill accepts a project_path input and reads files from that directory (e.g., .csproj, .pre-commit-config.yaml).
      - Boundary markers: No boundary markers or clear 'ignore instructions' guards are present to prevent the agent from being influenced by malicious content inside the code files.
      - Capability inventory: The skill executes powerful commands including dotnet build, pre-commit, and a local script analyze.sh.
      - Sanitization: No sanitization is performed on the project contents before execution, allowing for malicious MSBuild targets or pre-commit hooks to run code.
  • Command Execution (HIGH): The use of dotnet build on untrusted code is dangerous because .NET project files can contain custom targets that execute arbitrary shell commands during the build process.
  • Unverifiable Dependencies (MEDIUM): The skill runs dotnet list package --vulnerable and pre-commit, which access external package registries and configuration files that can be controlled by a repository owner.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 05:27 AM