bump-deps

Fail

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): Shell command injection vulnerability in both the helper script and the primary skill workflow.
    • Evidence: In scripts/run-taze.sh (line 58), the $include_flag variable is expanded without quotes in the execution of taze. Similarly, Steps 3 and 5 in SKILL.md instruct the agent to interpolate package names directly into command-line strings (e.g., taze minor --write --include <pkg>).
    • Impact: An attacker can provide malicious package names containing shell control operators (e.g., ;, &, |) to execute arbitrary code with the agent's system privileges.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): Reliance on unverified external software and repositories.
    • Evidence: The skill requires the installation and execution of the taze CLI tool, which is not hosted by a trusted organization according to the provided security guidelines.
    • Context: Executing third-party binaries that have not been vetted increases the risk of supply chain attacks or execution of malicious code.
  • [PROMPT_INJECTION] (LOW): Vulnerability surface for indirect prompt injection via manipulated tool output.
    • Ingestion points: Step 2 in SKILL.md instructs the agent to read and parse the output of taze, which includes package names and versions defined in package.json.
    • Boundary markers: No delimiters or safety warnings are used to separate untrusted tool output from the agent's internal logic.
    • Capability inventory: The skill possesses the ability to execute shell commands and modify local files (package.json).
    • Sanitization: There is no evidence of sanitization or schema validation for the data ingested from the external CLI output.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 20, 2026, 12:09 AM