The Agent Skills Directory

[PROMPT_INJECTION] (HIGH): Indirect Prompt Injection via external data. The skill facilitates processing feedback from 'External Reviewers' (SKILL.md), which is untrusted input. 1. Ingestion points: External reviewer feedback processed by the agent. 2. Boundary markers: Absent; no XML tags or clear delimiters are specified to isolate the feedback. 3. Capability inventory: High; the agent is instructed to 'IMPLEMENT' code changes and 'test each fix individually' (SKILL.md), involving file writes and command execution. 4. Sanitization: Absent; the skill relies on the agent's 'technical evaluation' rather than automated sanitization of instructions.- [COMMAND_EXECUTION] (MEDIUM): Risk from untrusted code execution. The skill mandates the use of 'grep codebase' and running tests for implemented fixes. Because the fixes are derived directly from external, untrusted feedback, the agent may inadvertently execute malicious logic during the required testing phase.- [REMOTE_CODE_EXECUTION] (MEDIUM): Potential for RCE via feedback implementation. While the skill does not explicitly download remote code, its core function is to implement external suggestions. Malicious feedback could trick the agent into adding dangerous dependencies or executing remote scripts under the guise of 'fixing' an issue.

receiving-code-review