docs-seeker

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • REMOTE_CODE_EXECUTION (MEDIUM): The skill instructions include running npm install -g repomix at runtime in Phase 3. This installs an external package from the public NPM registry, which is an unverifiable dependency installation at the time of execution.
  • COMMAND_EXECUTION (MEDIUM): The skill executes multiple shell commands including git clone, cd, and repomix. These commands operate on repository URLs and file paths obtained through web searches, which could be manipulated to execute unauthorized commands if the search results are poisoned.
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill is designed to download content from context7.com (an external documentation aggregator) and clone repositories from GitHub into a temporary directory (/tmp/docs-analysis).
  • PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8). It ingests content from external repositories and documentation files (llms.txt) and processes them through multiple agent tasks without sanitization. Mandatory Evidence Chain:
    • Ingestion points: WebFetch for llms.txt files and git clone for entire repositories.
    • Boundary markers: Absent; the skill does not define delimiters or warnings to ignore instructions within the ingested content.
    • Capability inventory: The skill has the capability to execute shell commands (npm, git, repomix), read files, and spawn multiple sub-agents.
    • Sanitization: None; external content is used directly for analysis.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 06:10 PM