
self-subagent

Fail

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: HIGH (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION)
Full Analysis
  • COMMAND_EXECUTION (HIGH): The quality-gate.sh script executes npm run lint and npm test within the $SUBAGENT_DIR. Since this directory contains output from an AI subagent (untrusted data), a malicious subagent could provide a package.json file with arbitrary shell commands in its scripts section. These commands would then be executed with the full privileges of the agent runner.
  • REMOTE_CODE_EXECUTION (HIGH): The script executes npx tsc and local ./node_modules/.bin/tsc on the subagent's codebase. Running compilers and build tools on untrusted source code is dangerous, as malicious configurations or tool vulnerabilities can be exploited to achieve code execution.
  • SAFE (INFO): The skill includes documentation (references/quality-gate.md) for a secret detection system designed to catch API keys and credentials in diffs. This is a positive security feature, but it does not mitigate the primary command execution vulnerability present in the quality gate's verification logic.
  • COMMAND_EXECUTION (MEDIUM): The references/cli-profiles.md file provides instructions on using highly permissive and dangerous flags for various AI CLIs, such as --dangerously-allow-all, --dangerously-skip-permissions, and --yolo. While these are documented as intended features of those tools, recommending their use in automated workflows increases the risk of unintended system modifications.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 21, 2026, 07:40 AM