rust-style-guide
Warn
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions in SKILL.md direct the agent to execute local Python scripts at 'scripts/resolve_style_guides.py' and 'scripts/validate_trigger_matrix_sync.py'. These files are not provided in the skill package, creating a risk where the agent might execute unverified or malicious code if the files are present in the environment.
- [COMMAND_EXECUTION]: The 'quality-gate-command-matrix.md' file lists numerous shell commands (e.g., cargo, dotnet, ruff, sqlfluff) for the agent to run. This presents a wide attack surface for command injection if file paths or configuration contents are manipulated to include shell metacharacters.
- [EXTERNAL_DOWNLOADS]: Use of commands like 'cargo test', 'npm test', and 'uv run' naturally results in the download of external dependencies from public registries (crates.io, npmjs.org, pypi.org) based on the project's configuration files.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through the processing of untrusted project artifacts. Ingestion points: .rs, Cargo.toml, Cargo.lock, and other language-specific files defined in the trigger matrix. Boundary markers: No delimiters or instructions to ignore embedded commands are present in the prompts. Capability inventory: The skill can execute subprocesses and various language toolchains. Sanitization: No sanitization or validation of input file content is implemented before processing or command execution.