diagnose-sandbox-report

Warn

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: MEDIUM
Tags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION

Full Analysis
  • [REMOTE_CODE_EXECUTION]: The gather-sandbox-context.ts script dynamically assembles a Node.js snippet and executes it using node -e. This script construction uses string interpolation of the executor name (derived from targetConfig and indirectly influenced by the taskId in the user-supplied sandbox report) without proper sanitization. This pattern is vulnerable to code injection if a malicious report is processed.
  • [COMMAND_EXECUTION]: In Phase 2, the instructions direct the AI agent to 'instrument node_modules with interceptors' and 'patch fs.readFileSync' in third-party library entry points. Granting an agent the authority to perform invasive modifications to the local environment's dependency tree and core Node.js modules for debugging purposes poses significant security and stability risks.
  • [EXTERNAL_DOWNLOADS]: The diagnostic script utilizes curl to fetch sandbox reports from arbitrary user-provided URLs. While this is a documented feature, it establishes a direct ingestion point for untrusted external data that is subsequently processed by the vulnerable script logic.
  • [PROMPT_INJECTION]: The skill instructions utilize forceful imperative language ('NEVER', 'ALWAYS', 'CRITICAL Rules', 'You MUST'). Although these are intended to enforce a strict diagnostic protocol to avoid performance issues (large file reads), such patterns are monitored as they can be used to attempt to override default agent behaviors or safety constraints.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 16, 2026, 10:58 AM