skill-review

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • COMMAND_EXECUTION (MEDIUM): The skill is designed to execute multiple local shell scripts (review-skill.sh, install-skill.sh, check-versions.sh) and requires the Bash tool. This allows the skill to perform arbitrary operations on the host system as part of its 'Automated Checks' and 'Installation' phases.
  • REMOTE_CODE_EXECUTION (MEDIUM): The installation instructions (./scripts/install-skill.sh) and version checking logic (./scripts/check-versions.sh) imply the execution of scripts that may interact with remote registries or download components. The content of these scripts was not provided for verification, posing a risk of unvetted code execution.
  • EXTERNAL_DOWNLOADS (LOW): The skill uses WebFetch and WebSearch to ingest data from third-party sources like GitHub, npm, and official documentation sites. Per [TRUST-SCOPE-RULE], these are generally trustworthy, but the ingestion of this data into a high-privilege context (Bash/Edit) requires caution.
  • INDIRECT PROMPT INJECTION (LOW): The skill processes untrusted data from the web to make decisions about code fixes.
      • Ingestion points: External URLs fetched via WebFetch and WebSearch.
      • Boundary markers: Absent; there are no instructions to the agent to treat fetched content as untrusted.
      • Capability inventory: High-tier capabilities including Bash, Edit, Write, and WebFetch.
      • Sanitization: Absent; the skill does not specify validation or sanitization of external documentation before it is used to generate 'Auto-fixes'.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 04:41 PM