The Agent Skills Directory

[COMMAND_EXECUTION]: The script scripts/agent.py executes shell commands using the subprocess module to call npm and pip binaries. This is used programmatically to check for package metadata on public registries as part of its dependency confusion detection logic.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) due to its ingestion of untrusted data. 1. Ingestion points: Untrusted data enters the agent context through the parsing of package-lock.json, requirements.txt, and CI/CD build logs in scripts/agent.py, as well as log files processed by scripts/process.py. 2. Boundary markers: Absent. There are no instructions or delimiters provided to ensure the agent ignores or sanitizes instructions embedded within the data it analyzes. 3. Capability inventory: The skill has the ability to execute shell commands through subprocess.run in scripts/agent.py and write summary reports to the local file system. 4. Sanitization: Absent. The content extracted from external logs and dependency manifests is processed and returned in reports without validation or escaping.

hunting-for-supply-chain-compromise