skill-visualizer

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Tags: DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [Data Exposure & Exfiltration] (HIGH): The skill utilizes Read and Glob tools to scan the entire project directory. It lacks a documented exclusion list for sensitive directories or files (e.g., .env, .ssh, .git). Consequently, sensitive data could be ingested and embedded into the 'self-contained' HTML visualization files, leading to credential exposure if the files are shared or opened in a browser environment.
  • [Command Execution] (HIGH): The skill is granted Bash(python *) permissions. Although the documentation specifies a path for visualize.py, the wildcard permission allows the agent to execute arbitrary Python code. In conjunction with the Write tool, an attacker could manipulate the skill into creating and executing malicious scripts within the user's environment.
  • [Indirect Prompt Injection] (HIGH): This skill presents a significant vulnerability to indirect prompt injection because it processes untrusted data (the entire codebase) while maintaining high-privilege capabilities. Ingestion points: filesystem-wide access via Read and Glob. Boundary markers: none; the skill provides no instructions to ignore or delimit embedded commands within scanned files. Capability inventory: Bash command execution and Write operations for file modification. Sanitization: none; there is no specified mechanism to escape or validate codebase content before it is processed by the agent or included in output files.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 12:32 PM