detecting-performance-regressions

Fail

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: HIGH (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION)
Full Analysis
  • [COMMAND_EXECUTION]: The generate_script function within scripts/create_github_comment.py and scripts/generate_report.py takes a string template as input, writes it to a file with a .sh extension, and applies chmod(0o755) to make it executable. This pattern allows for the generation and execution of arbitrary code based on input provided to the script.
  • [REMOTE_CODE_EXECUTION]: The script generation capability, combined with the skill's ability to run Bash commands, establishes an execution vector that could be exploited to run malicious code on the host system, especially if the input is derived from untrusted performance metrics or external data.
  • [PROMPT_INJECTION]: The script create_github_comment.py is de facto identical to generate_report.py and does not implement any GitHub-related functionality despite its name and description. This discrepancy between documentation and implementation is deceptive and can lead to incorrect assumptions about the agent's capabilities or security boundaries.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 12, 2026, 05:11 PM