sus (skills/nathan13888/nice-skills/sus)

Status: Warn

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The 'Verify Compilation' workflow in SKILL.md (Step 1) automatically triggers build commands based on the detection of specific configuration files (e.g., Makefile, package.json, Cargo.toml). Because these commands are sourced directly from the project being audited, a malicious repository could execute unauthorized commands on the agent's environment during the build phase.
  • [REMOTE_CODE_EXECUTION]: The skill uses the Bash tool to run the build verification logic. This allows the execution of code defined in the target repository, effectively leading to remote code execution when auditing untrusted sources.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because sub-agents ingest untrusted source code as part of their analysis focus. Maliciously crafted comments or strings within the codebase could attempt to manipulate the sub-agents' reporting or behavior.
  • Ingestion points: File content is ingested via Read, Grep, and Glob tools as specified in the workflow of SKILL.md.
  • Boundary markers: The sub-agent prompts in SKILL.md use markdown headings but do not implement robust boundary markers or instructions to disregard embedded commands in the data.
  • Capability inventory: The skill is granted extensive permissions including Bash (arbitrary command execution), Write, and Edit (filesystem modification) in the allowed-tools section of SKILL.md.
  • Sanitization: There are no procedures defined in the skill for sanitizing or escaping the content read from files before it is processed by the AI models.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 15, 2026, 12:45 AM