skills/nilecui/skillsbase/worktrees/Gen Agent Trust Hub

worktrees

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION] (HIGH): The scripts/shutdown-services.sh script is vulnerable to command injection. It extracts a port number from a .env file and interpolates it directly into a subshell: kill $(lsof -ti:${SERVER_PORT}). If the .env file (potentially from an untrusted project) contains a malicious value like 8080; <command>, the command will be executed.
  • [COMMAND_EXECUTION] (MEDIUM): The skill uses kill to terminate processes and sed to modify configuration files. These are high-risk operations that can lead to denial of service or misconfiguration if inputs from the environment are not strictly validated.
  • [EXTERNAL_DOWNLOADS] (LOW): The apps.md guide instructs the agent to run make tailwindcss, which downloads and executes an external binary. The skill does not verify the source, version, or integrity of this download.
  • [PROMPT_INJECTION] (LOW): The skill exhibits an indirect prompt injection surface (Category 8).
      1. Ingestion points: User-supplied branch names in SKILL.md.
      2. Boundary markers: None.
      3. Capability inventory: Shell execution (git, sed, cp, bash), directory creation, and process management.
      4. Sanitization: Absent; branch names are used directly in shell command strings without validation, creating risks for path traversal or injection.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 06:25 PM