k6-docs
Warn
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: MEDIUM
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs the agent to extract JavaScript/k6 code examples from documentation files and execute them locally using the `go run . run` command. This represents a significant security risk when reviewing untrusted documentation content from external contributors. Evidence: Found in references/testing-workflow.md and references/subagent-prompts.md.
- [EXTERNAL_DOWNLOADS]: The script `scripts/check_agent_browser.sh` automates the global installation of the `agent-browser` package from npm and executes `agent-browser install`, which typically involves downloading browser binaries. Evidence: Found in scripts/check_agent_browser.sh.
- [COMMAND_EXECUTION]: The skill makes extensive use of shell scripts and CLI tools like git, gh, npm, pnpm, and go to manage repositories and test documentation. Evidence: Found in scripts/find_branch.sh, scripts/fetch_pr.sh, and references/workflows/write.md.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted documentation content from PR branches and uses it to drive actions like code execution and browser navigation without sanitization or strict boundary markers. Evidence Chain:
  1. Ingestion point: Markdown files in PR branches (references/subagent-prompts.md).
  2. Boundary markers: Absent for code block extraction.
  3. Capability inventory: go run, agent-browser, curl, and git/gh.
  4. Sanitization: No validation or filtering is applied to the extracted content.
Audit Metadata