skill-scanner
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The tool performs recursive directory traversal and file read operations to analyze potential threats within target skill folders. It also includes functionality to write markdown or JSON reports to the local disk.
- [DATA_EXFILTRATION]: The skill accesses local file contents to scan for indicators of compromise. While it reads sensitive directories if they are part of the target path, this behavior is central to its auditing function.
- [PROMPT_INJECTION]: The scanner processes untrusted file content, which represents an indirect prompt injection surface where a malicious skill could attempt to mislead the audit summary.
  • Ingestion points: The SkillScanner class in skill_scanner.py reads all files in user-specified paths.
  • Boundary markers: Findings are output in a structured report, but scanned code snippets are not isolated with protective delimiters in the report body.
  • Capability inventory: The tool can read and write files on the local filesystem.
  • Sanitization: The scanner identifies patterns using regular expressions but does not perform sanitization on the file snippets included in its reports.
- [DYNAMIC_EXECUTION]: The streamlit_ui.py component uses zipfile.ZipFile.extractall() to handle uploaded archives. This function is susceptible to ZipSlip (directory traversal) attacks if provided with a specially crafted archive, though this is a vulnerability in the tool's code rather than malicious behavior.