The Agent Skills Directory

[COMMAND_EXECUTION]: The script scripts/check-coverage.sh is vulnerable to shell command injection. The $THRESHOLD argument is interpolated directly into a double-quoted string passed to node -e. An attacker providing a value containing quotes and semicolons could terminate the node command and execute arbitrary shell commands.
[COMMAND_EXECUTION]: The scripts/check-coverage.sh script is also vulnerable to JavaScript injection. The $THRESHOLD value is placed directly into a JavaScript code block executed by node -e. A maliciously crafted threshold value could execute arbitrary JavaScript code within the Node.js process.
[PROMPT_INJECTION]: The skill exhibits a significant indirect prompt injection surface. It is designed to read and 'discover' project conventions by scanning source code, test files, and configuration files like AGENTS.md. Instructions or malicious content embedded in these local files could influence the agent's behavior during test generation or reporting.
[COMMAND_EXECUTION]: The skill executes npx vitest run --coverage. This command runs the test suite using the project's local dependencies and configuration. If the skill is used on a repository with compromised or malicious tests/dependencies, it will execute that code with the permissions of the agent's environment.
[COMMAND_EXECUTION]: The script scripts/detect-changes.sh uses the $BASE argument in a git merge-base command. While it is double-quoted, providing a maliciously crafted branch name could lead to unexpected behavior depending on how the underlying shell and git CLI handle specific control characters.

test-generator