quality-audit

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM | PROMPT_INJECTION | EXTERNAL_DOWNLOADS
Full Analysis
  • [Prompt Injection] (MEDIUM): Significant Indirect Prompt Injection vulnerability surface. The skill is designed to ingest untrusted content from other skills for analysis and scoring.
      * Ingestion points: Processes 'SKILL.md' and related scripts from external, potentially untrusted sources during the audit workflow.
      * Boundary markers: The instructions fail to provide boundary markers or explicit guidelines for the agent to distinguish between the auditing logic and instructions contained within the analyzed content.
      * Capability inventory: High potential impact as the skill is intended to make decisions in CI/CD pipelines (e.g., using the --fail-under flag) and provide recommendations that could be malicious if influenced by the audited content.
      * Sanitization: No sanitization or escaping mechanisms are defined for the processed data.
  • [External Downloads] (LOW): The provided CI/CD integration example includes a command to install an external package ('pip install cortex'). This is an unverifiable dependency that could lead to the execution of untrusted code if the package name is typosquatted or the registry is compromised.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 16, 2026, 12:53 AM