brutal-honesty-review

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Tags: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The file scripts/assess-tests.sh executes npm test and npm run test:coverage on a directory provided as a command-line argument. Because npm runs scripts defined in the target directory's package.json, this allows for arbitrary command execution if the skill is used to assess an untrusted or malicious repository.
  • [PROMPT_INJECTION] (HIGH): Category 8 (Indirect Prompt Injection) vulnerability is present. The skill ingests untrusted data (code snippets and PR diffs) and interpolates them into prompts without using boundary markers or sanitization. An attacker could embed instructions in code comments to override the agent's behavior, potentially causing it to leak information or provide biased security audits.
  • [REMOTE_CODE_EXECUTION] (HIGH): By exploiting the npm test invocation in scripts/assess-tests.sh, a remote attacker who can commit code to a repository being reviewed can achieve code execution in the environment where the agent or script is running.
  • [DATA_EXPOSURE] (LOW): The assess-code.sh script recursively greps through directories for patterns. While the patterns are currently limited to quality checks (such as `TODO` or `null`), this demonstrates a capability to scan the filesystem that could be abused if the script's logic is modified or if the target directory contains sensitive configuration files.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 09:38 AM