context-scope

Warn

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill invokes npx codecontext, which automatically fetches the codecontext package from the public npm registry if it is not already present on the system.
  • [REMOTE_CODE_EXECUTION]: Scripts provided by the external codecontext package are executed immediately on the host system via the npx tool.
  • [COMMAND_EXECUTION]: The command npx codecontext --scope $ARGUMENTS uses direct shell interpolation of the $ARGUMENTS variable, which can lead to command injection if the input is not properly escaped by the execution environment.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it is designed to surface and present instructions (@context annotations) from arbitrary files. Malicious annotations could be used to manipulate the agent's behavior during subsequent file editing tasks.
    * Ingestion points: Reads target files provided by the user (SKILL.md).
    * Boundary markers: Absent; the agent is not instructed to use delimiters or ignore instructions found within the annotations.
    * Capability inventory: Provides shell access via the Bash tool to execute npm packages.
    * Sanitization: No evidence of sanitization or validation of the annotations before they are presented to the agent.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 16, 2026, 04:21 PM