The Agent Skills Directory

[Indirect Prompt Injection] (HIGH): The skill is designed to ingest and analyze untrusted application code. It lacks boundary markers or sanitization instructions to prevent the agent from obeying malicious instructions embedded in the code being scanned (e.g., in comments or config files). (Ingestion: Application code; Boundary: Absent; Capabilities: Subprocess execution, Docker, Pip; Sanitization: Absent).
[Unverifiable Dependencies] (MEDIUM): The skill references and executes a local file ./scripts/run-sast.sh which was not provided in the analyzed file set, preventing verification of its command logic.
[Command Execution] (MEDIUM): The instructions require the agent to execute system-altering commands including pip install, docker run, and gh extension install.
[Trusted Sources] (INFO): References to the github/gh-codeql extension are from a trusted organization, which downgrades the download risk for that specific component but does not offset the execution risks.

sast-configuration