artifact-sbom-publisher
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): Piped remote script execution from an untrusted source. The command 'curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh' downloads a shell script and executes it immediately. The 'anchore' organization is not in the trusted source whitelist, making this a critical risk for arbitrary code execution.
- [EXTERNAL_DOWNLOADS] (HIGH): Use of untrusted and unpinned external dependencies. The workflow references several third-party GitHub Actions ('CycloneDX/gh-node-module-generatebom', 'anchore/scan-action', 'aquasecurity/trivy-action') using the '@master' or '@main' tags. This exposes the build process to supply chain attacks if the repositories are compromised or the tags are moved to malicious commits.
- [PROMPT_INJECTION] (HIGH): High attack surface for indirect prompt injection.
  - Ingestion points: The skill processes local repository content and GitHub context variables ('github.ref_name', 'github.actor').
  - Boundary markers: None present.
  - Capability inventory: Includes shell execution, file system modification, and network uploads via release assets.
  - Sanitization: Absent; the 'artifact-metadata.json' creation uses a shell heredoc to interpolate raw GitHub variables, which can lead to command injection if branch names or other metadata are attacker-controlled.
- [COMMAND_EXECUTION] (MEDIUM): The skill performs broad file system operations including file generation, directory traversal, and archiving ('tar -czf'). While common in CI/CD, these capabilities provide an attacker with multiple vectors for data manipulation within the runner environment if project files are compromised.
Recommendations
- CRITICAL: Downloads and executes remote code from untrusted source(s): https://raw.githubusercontent.com/anchore/syft/main/install.sh - DO NOT USE
- AI detected serious security threats
Audit Metadata