javascript-style-guide
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill directs the agent to run multiple CLI tools for formatting and linting (e.g., eslint, prettier, gofmt, ruff). It also references internal Python scripts such as 'scripts/resolve_style_guides.py' for automation, which are not provided in the skill payload.
- [REMOTE_CODE_EXECUTION]: The quality gate requirements involve running the target project's test suite (e.g., 'npm test', 'pnpm test', 'cargo test'). These commands execute arbitrary code defined within the repository undergoing review, which represents a potential remote code execution vector if the source repository is malicious.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through malicious instructions embedded in the JavaScript code or comments the agent is tasked to analyze.
  - Ingestion points: The agent reads and processes JavaScript artifacts (.js, .jsx, .mjs, .cjs) and shared configuration files from the user's workspace.
  - Boundary markers: The instructions do not provide explicit delimiters or instructions to ignore potential commands embedded in comments or data within the files.
  - Capability inventory: The agent is given broad authority to execute shell commands, build tools, and test runners across a variety of programming languages.
  - Sanitization: Input source code is not sanitized or filtered for instructions before being processed by the agent.