generating-compliance-reports

Warn

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The utility scripts/generate_report.py includes a generate_script function that creates shell scripts and explicitly modifies file permissions to make them executable using chmod 0o755.
  • [REMOTE_CODE_EXECUTION]: The generate_script method in scripts/generate_report.py assembles a bash script from content passed via command-line arguments, which allows for the dynamic generation and execution of code.
  • [PROMPT_INJECTION]: The skill analyzes untrusted data from target codebases and configurations, representing an indirect prompt injection risk. Evidence:
      1. Ingestion points: Files scanned within the ${CLAUDE_SKILL_DIR}/ directory.
      2. Boundary markers: The instructions do not define delimiters or provide warnings for the agent to ignore instructions embedded in the analyzed data.
      3. Capability inventory: The skill allows the use of the Bash tool and includes a custom script generation utility.
      4. Sanitization: There is no evidence of validation or sanitization of content read from external files before processing.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 10, 2026, 08:02 AM