Linter Autofix Patterns
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION)
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The script `scripts/detect-and-fix.sh` uses `eval` to execute command strings constructed dynamically at runtime. While most paths are hardcoded to standard linter binaries, the `TARGET_PATH` argument is directly interpolated and used in `cd` and subsequent operations without sanitization. If an attacker can influence the path or the content of configuration files (like `pyproject.toml` or `biome.json`) that the script reads to detect project types, they might be able to achieve arbitrary command execution through the `eval` calls.
- [REMOTE_CODE_EXECUTION] (MEDIUM): The script executes several commands using `npx` (e.g., `@biomejs/biome`, `eslint`, `prettier`). While these are common dev tools, `npx` will download and execute the package if it's not found locally. This creates a dependency on remote registries (npm) at runtime, which is an external download vector.
- [DATA_EXPOSURE & EXFILTRATION] (LOW): The script executes `git diff` to show modified files. While this is primarily for transparency, it provides a mechanism to observe changes to the filesystem that may include sensitive information if a linter is misconfigured or if a project contains secrets in tracked files.
- [INDIRECT PROMPT INJECTION] (HIGH): The skill is designed to ingest and process external project data (source code and linter configs). The automated nature of the 'Fix mode' (writing changes to disk) means that if a linter's output or a project's configuration contains malicious patterns designed to influence the agent's next steps, the agent might blindly apply them. The skill lacks boundary markers or sanitization logic for the data it processes.
Recommendations
- AI detected serious security threats