detect-ux (skills/parhumm/jaan-to/detect-ux)

Verdict: Warn

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill interpolates the {platform.path} variable textually into find and grep command strings during platform detection. If the target repository contains directory names with shell metacharacters (e.g., ;, backticks, or $()), the shell re-parses them as commands, and the detection step executes arbitrary commands on the host when the agent runs it.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8). Malicious instructions embedded in a target repository's source code or documentation could influence the 'Seed Reconciliation' (Step 9a) and 'Capture Feedback' (Step 10) processes. Ingestion points: Scanned source code in Step 1 (routes), Step 5 (pain points), and Step 6 (heuristics). Boundary markers: Absent; there are no delimiters or instructions to ignore embedded commands in the processed data. Capability inventory: High-privilege permissions including Edit(jaan-to/config/settings.yaml) and Edit($JAAN_CONTEXT_DIR/**). Sanitization: Absent; the skill directly compares detection results against seed files and offers to update local configurations based on these results.
  • [COMMAND_EXECUTION]: The skill requests permission to Edit(jaan-to/config/settings.yaml). Granting an automated tool the ability to modify its own configuration file while it is processing untrusted third-party code significantly increases the risk of persistent environment modification and privilege escalation: a detection result influenced by repository contents can be written back as configuration that shapes every later run.
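Illustration of the first COMMAND_EXECUTION finding, added here as an example and not taken from the audited skill. It builds a throwaway repository containing one constructed directory name with shell metacharacters, runs a detection step that splices {platform.path} into a `sh -c` command string (the interpolation pattern the finding describes; the skill's exact command is not quoted above, so this shape is an assumption), and then runs the same lookup with the path passed as a single quoted argument plus an allowlist check. The function names, the `PWNED` marker file and the `page.tsx` fixture are all assumptions for the demo.

```sh
#!/bin/sh
# Added example (not code from the detect-ux skill): how textual interpolation of
# {platform.path} into a find command turns a directory name into shell commands,
# and two ways to neutralise it. All names below are assumptions for the demo.

# Build a throwaway repo containing one constructed, attacker-controlled directory
# name. The ';' ends the find command early; 'touch PWNED' then runs as its own
# command when the name is pasted into a shell string.
setup_repo() {
  repo=$(mktemp -d)
  mkdir -p "$repo/src; touch PWNED; :"
  : > "$repo/src; touch PWNED; :/page.tsx"
  printf '%s\n' "$repo"
}

# VULNERABLE: the path is spliced into the command text, so the shell re-parses it.
# $1 = repo root (the skill runs from there), $2 = the {platform.path} value.
unsafe_detect() {
  (cd "$1" && sh -c "find $2 -maxdepth 1 -type f -name '*.tsx' | wc -l" 2>/dev/null | tr -d ' ')
}

# HARDENED: the path is one argument word; metacharacters inside it are inert.
safe_detect() {
  (cd "$1" && find "$2" -maxdepth 1 -type f -name '*.tsx' 2>/dev/null | wc -l | tr -d ' ')
}

# Belt and braces: refuse platform paths outside a conservative allowlist before
# any command touches them. Also rejects names find would read as options.
path_is_safe() {
  case "$1" in
    *[!A-Za-z0-9_./-]*) return 1 ;;
    -*) return 1 ;;
    *) return 0 ;;
  esac
}

main() {
  root=$(setup_repo)
  bad='src; touch PWNED; :'
  n=$(unsafe_detect "$root" "$bad")
  [ -f "$root/PWNED" ] && hit=yes || hit=no
  printf 'interpolated: %s match(es), PWNED created: %s\n' "$n" "$hit"
  rm -f "$root/PWNED"
  n=$(safe_detect "$root" "$bad")
  [ -f "$root/PWNED" ] && hit=yes || hit=no
  printf 'quoted:       %s match(es), PWNED created: %s\n' "$n" "$hit"
  path_is_safe "$bad" || printf 'allowlist:    rejected %s\n' "$bad"
  rm -rf "$root"
}
main
```

The interpolated form reports zero matches and leaves the `PWNED` file behind: the `;` split the template into three commands and only the harmless last one fed `wc -l`. The quoted form finds the one `.tsx` file and creates nothing, because the whole name travels to find as a single argument. The allowlist check is the cheaper policy an agent can apply before any command is assembled.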
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 26, 2026, 08:54 PM