hunting-for-supply-chain-compromise

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE
Flags: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/agent.py contains functionality to execute system commands. The check_dependency_confusion function uses the subprocess module to run npm view and pip index versions to verify the existence of packages on public registries. While the implementation uses a list of arguments to minimize shell injection risks, the ability to spawn external processes is a sensitive capability that increases the skill's potential impact.
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection due to its processing of untrusted external data sources. Ingestion points include package-lock.json, requirements.txt, and various system logs (JSON, CSV, and CI/CD logs) processed in scripts/agent.py and scripts/process.py. There are no explicit boundary markers defined to isolate this external data from the agent's instructions. Although the skill uses regular expressions for threat detection, this does not constitute comprehensive sanitization against data designed to manipulate the language model's reasoning or reporting.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 15, 2026, 01:52 PM