code-refactor
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH
Tags: PROMPT_INJECTION, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill creates a high-risk loop by reading untrusted data from the filesystem (via Grep) and then acting upon it with powerful write and execute capabilities (Edit, code-execution). Nested details:
  * Ingestion points: File content scanned during the 'Core Workflow' (SKILL.md).
  * Boundary markers: Absent. No delimiters or instructions are provided to isolate the file content from the agent's instructions.
  * Capability inventory: 'Edit' (file-write) and 'code-execution' (arbitrary script execution).
  * Sanitization: Absent. Search patterns and replacement strings are processed directly without validation.
- [Dynamic Execution] (HIGH): For operations involving 10 or more files, the skill explicitly switches to an 'execution mode' that delegates to a separate 'code-execution' skill. The Python example it provides generates a refactoring script from the search pattern, replacement string and file scope and runs it on the host. Because those parameters are interpolated into the generated code rather than passed as data, anything that influences them (including content read from the files being refactored) can inject arbitrary code.
- [Privilege Escalation] (MEDIUM): The skill performs systematic file modifications across wide scopes (e.g., '**/*.py') with no path restriction or validation. A malicious or mistaken scope could reach sensitive configuration files, environment files (.env) or user shell profiles, allowing an attacker to plant persistence or harvest secrets through what appears to be a routine rename.
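The three findings above share one root cause: refactor parameters and file scope are treated as trusted and turned directly into code and writes. The following example, added for this audit page and not taken from the audited skill, shows the flagged pattern beside a hardened form. It constructs a small sample project tree inline and runs offline; the names DENYLIST, build_unsafe_script, candidate_paths, safe_refactor and run_demo, the sample file contents and the 10-file cap are assumptions for illustration.

```python
"""Added example for this audit: unsafe code-generation refactor vs. a hardened,
data-only refactor with path restriction. Not the audited skill's own code."""
import re
import tempfile
from pathlib import Path

# Assumed denylist: files a bulk refactor must never touch even if a glob matches.
DENYLIST = {".env", ".bashrc", ".bash_profile", ".zshrc", ".profile", ".gitconfig"}


def build_unsafe_script(pattern: str, replacement: str, glob: str) -> str:
    """The flagged pattern: parameters interpolated straight into Python source.
    A replacement string that closes the quote and parentheses turns into
    arbitrary statements in the generated script (shown, never executed here)."""
    return (
        "import re, pathlib\n"
        f"for p in pathlib.Path('.').glob('{glob}'):\n"
        f"    p.write_text(re.sub('{pattern}', '{replacement}', p.read_text()))\n"
    )


def candidate_paths(root: Path, glob: str) -> list[Path]:
    """Hardened scope resolution: keep a match only if it is a regular file
    (no symlinks), resolves inside root, is not denylisted and is not under
    a dot-directory. pathlib globs match dotfiles, so this filter is required."""
    root = root.resolve()
    kept = []
    for p in root.glob(glob):
        if p.is_symlink() or not p.is_file():
            continue
        if not p.resolve().is_relative_to(root):  # Python 3.9+
            continue
        rel = p.relative_to(root)
        if p.name in DENYLIST or any(part.startswith(".") for part in rel.parts):
            continue
        kept.append(p)
    return sorted(kept)


def safe_refactor(root: Path, pattern: str, replacement: str, glob: str,
                  max_files: int = 10) -> dict[str, int]:
    """Hardened refactor: pattern and replacement stay data. re.escape makes the
    pattern literal and a callable replacement disables backreference syntax,
    so regex metacharacters in untrusted input cannot alter behaviour. Refuses
    to exceed max_files rather than silently escalating to bulk execution."""
    paths = candidate_paths(root, glob)
    if len(paths) > max_files:
        raise ValueError(f"{len(paths)} files matched; cap is {max_files}")
    literal = re.compile(re.escape(pattern))
    changes = {}
    for p in paths:
        text = p.read_text(encoding="utf-8")
        new_text, n = literal.subn(lambda _m: replacement, text)
        if n:
            p.write_text(new_text, encoding="utf-8")
        changes[p.relative_to(root).as_posix()] = n
    return changes


def run_demo() -> dict:
    """Builds a constructed project tree (sample data, not real files) with a
    .env, a dot-directory, and a symlink pointing outside the root, then runs
    the hardened refactor with the over-broad scope '**/*'."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "project"
        outside = Path(tmp) / "outside.py"
        (root / "src").mkdir(parents=True)
        (root / ".venv" / "lib").mkdir(parents=True)
        outside.write_text("old_name = 1\n")
        (root / "src" / "app.py").write_text("def old_name():\n    return old_name\n")
        (root / "src" / "util.py").write_text("# no rename needed\n")
        (root / ".env").write_text("API_KEY=old_name\n")
        (root / ".venv" / "lib" / "vendor.py").write_text("old_name = 2\n")
        try:
            (root / "src" / "escape.py").symlink_to(outside)
        except OSError:
            pass  # platforms without symlink support skip this case
        selected = [p.relative_to(root).as_posix() for p in candidate_paths(root, "**/*")]
        changes = safe_refactor(root, "old_name", "new_name", "**/*")
        return {
            "selected": selected,
            "changes": changes,
            "env_untouched": (root / ".env").read_text() == "API_KEY=old_name\n",
            "outside_untouched": outside.read_text() == "old_name = 1\n",
            "vendor_untouched": (root / ".venv" / "lib" / "vendor.py").read_text() == "old_name = 2\n",
            "app": (root / "src" / "app.py").read_text(),
        }


if __name__ == "__main__":
    print(build_unsafe_script("old_name", "x')); import os; os.system('id'); print(('", "**/*.py"))
    print(run_demo())
```

The unsafe generator is kept only to show why the finding is HIGH: the crafted replacement string yields a script that still compiles, with an injected `os.system` call. The hardened path never builds source from parameters, so the same string is just text to be written into matching files.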
Recommendations
- AI detected serious security threats