using-git-worktrees
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill automatically executes package manager installation commands (npm install, pip install, poetry install) and test runners (npm test, cargo test, pytest, go test). These tools are known to execute arbitrary scripts defined within the repository's configuration files (e.g., preinstall hooks in package.json), creating a direct vector for code execution.
- [REMOTE_CODE_EXECUTION] (HIGH): This skill is highly susceptible to Indirect Prompt Injection. It ingests untrusted data from the local repository environment (file existence and contents) and uses it to decide which commands to execute. There are no boundary markers or sanitization steps (e.g., escaping $BRANCH_NAME or validating file contents) before passing these inputs to a shell environment.
- [COMMAND_EXECUTION] (MEDIUM): The skill constructs shell commands using variables like $path and $BRANCH_NAME. If the agent is instructed to use a maliciously crafted branch name containing shell metacharacters, it could lead to command injection during the git worktree add operation.
- [EXTERNAL_DOWNLOADS] (LOW): The skill uses standard package managers to download dependencies. While these are trusted tools, the execution context within a potentially malicious repo elevates the overall risk.
Recommendations
- AI detected serious security threats
Audit Metadata