build-error-analyzer
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [Indirect Prompt Injection] (MEDIUM): The skill processes build.log and last_error.log, which can contain content influenced by external contributors (e.g., via source code that generates specific compiler errors or file names designed to trigger the error parser).
- Ingestion points: script/extract_last_error.sh reads user-specified or discovered build logs (e.g., out/rk3568/build.log).
- Boundary markers: The instructions do not define clear delimiters to separate log content from agent instructions during analysis.
- Capability inventory: The skill frequently recommends or uses commands like grep, find, nm, and the project's build.sh script, creating a path for the agent to execute instructions found in logs.
- Sanitization: No sanitization is performed on the extracted log content before it is processed by the AI for analysis.
- [Command Execution] (LOW): The skill provides scripts and commands for the user to execute (extract_last_error.sh, nm, grep).
- Evidence: script/extract_last_error.sh executes a Python script to parse logs.
- Risk: While the scripts are local, they represent a vector if an attacker can manipulate the path arguments provided to the agent or if the agent obeys instructions embedded in the log output.
- [Dynamic Execution] (INFO): The script extract_last_error.sh uses a Python heredoc for runtime log parsing.
- Evidence: `python3 "$log_file" "$output" << 'PYTHON_SCRIPT'` in script/extract_last_error.sh.
- Context: This is a standard way to embed logic in shell scripts for local developer tools and does not constitute a vulnerability in this specific implementation.
Audit Metadata