The Agent Skills Directory

[COMMAND_EXECUTION]: The script scripts/main.cjs uses child_process.spawn to execute a local file and passes through command-line arguments from the user without sanitization, which could lead to argument injection. The hook scripts pre-execute.cjs and post-execute.cjs also rely on an external library safe-json.cjs located outside the skill's directory tree.
[REMOTE_CODE_EXECUTION]: The skill attempts to run an external script file at .claude/tools/cli/security-lint.cjs. This file is not part of the skill's distribution bundle, making its behavior and safety unverifiable.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It is designed to ingest and analyze untrusted source code from the user's codebase using AST parsers without documenting any boundary markers or sanitization logic to prevent malicious code comments or identifiers from influencing agent behavior. Additionally, the skill metadata includes deceptive 'verified: true' claims and a future verification date ('2026-02-22').

code-style-validator