unjs
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Categories: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (MEDIUM): The skill documents tools like `jiti` for runtime TypeScript/ESM compilation and `bundle-runner` for executing webpack bundles (with optional VM sandboxing). These allow the agent to execute code that is compiled or loaded at runtime.
- [COMMAND_EXECUTION] (MEDIUM): Through `nypm`, the skill provides a unified API to install and manage Node.js packages across multiple package managers (npm, pnpm, yarn, bun). This capability allows for the execution of arbitrary code via package lifecycle scripts.
- [EXTERNAL_DOWNLOADS] (MEDIUM): `giget` is featured as a utility to download repositories and templates from remote sources such as GitHub, GitLab, and Bitbucket, which can result in the execution of unverified remote code.
- [DATA_EXFILTRATION] (MEDIUM): `untun` enables the creation of public tunnels to local HTTP servers via Cloudflare Quick Tunnels. This is a high-risk feature that can expose local development environments and sensitive data to the internet.
- [PROMPT_INJECTION] (LOW): The skill exhibits an attack surface for Indirect Prompt Injection (Category 8) due to its data ingestion capabilities.
  - Ingestion points: `ungh` (GitHub API), `ofetch` (network requests), and `unstorage` (external storage drivers) fetch data from attacker-controllable sources.
  - Boundary markers: There are no documented boundary markers or instructions for the agent to ignore embedded commands in the processed data.
  - Capability inventory: The skill includes powerful capabilities like `nypm.install`, `jiti` runtime execution, and `magicast` source code modification.
  - Sanitization: While `destr` is used for secure JSON parsing, there is no evidence of broad sanitization for other data types retrieved from the network.
Audit Metadata