kw-stack-audit

Pass

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: SAFE
Findings flagged: COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands to perform audits and apply changes. It detects the project's package manager and runs commands such as npx tsc --noEmit to check for TypeScript errors and npm run build to verify changes. It also proposes installing packages like @biomejs/biome. All execution is deferred until the user provides explicit confirmation.
  • [DATA_EXFILTRATION]: Accesses and processes sensitive information including .env files and source code strings containing potential secrets (e.g., API keys, passwords, tokens). While this is performed for auditing purposes, the ingestion of these credentials into the model's context poses a theoretical risk of exposure if the session is compromised.
  • [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection (Category 8) because it processes untrusted data from the project being audited.
    * Ingestion points: package.json, tsconfig.json, .env files, and all TypeScript/JavaScript source files in the src/ directory.
    * Boundary markers: No explicit delimiters or system instructions are provided to the agent to distinguish between the skill's instructions and potentially malicious instructions embedded in comments or strings within the project files.
    * Capability inventory: The skill can execute shell commands, install/uninstall packages, and modify project configuration files.
    * Sanitization: There is no evidence of sanitization or filtering of the ingested file content before it is processed by the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 28, 2026, 12:17 PM