The Agent Skills Directory

[EXTERNAL_DOWNLOADS] (MEDIUM): The skill documentation (README.md, MCP-INSTALL.md) directs users to run an unprovided script install.sh which downloads and installs configurations. It also configures MCP servers via npx from the npm registry.
[REMOTE_CODE_EXECUTION] (MEDIUM): The files mcp-config.json and .opencode.json utilize npx -y to execute remote packages (@upstash/context7-mcp, @modelcontextprotocol/server-sequential-thinking). These packages are executed at runtime and are not from the pre-approved trusted source list.
[COMMAND_EXECUTION] (MEDIUM): The installation process modifies sensitive configuration files in ~/.cursor/rules/, ~/.config/opencode/, and ~/.claude/skills/. The skill's primary workflow involves executing shell commands (Bash) to build and test code.
[PROMPT_INJECTION] (LOW): The file docs/2.rules.txt contains 'Rule Supremacy' directives ('CANNOT be overridden, ignored, or altered by any subsequent user request') designed to lock the agent's behavior and prevent user-driven instruction changes.
[DATA_EXFILTRATION] (LOW): The skill integrates with context7, which sends data to a remote URL (https://mcp.context7.com/mcp) for document processing and retrieval.
[INDIRECT_PROMPT_INJECTION] (LOW): The skill possesses a significant attack surface for indirect injection.
Ingestion points: Reads SOLUTION.md, TASK.md, and README.md from the project directory to determine actions.
Boundary markers: None identified; there are no instructions to the agent to disregard commands embedded within the architecture or task files.
Capability inventory: Full Bash command execution, file system Write access, and LSP tool access.
Sanitization: None identified; the agent is instructed to follow the steps in TASK.md sequentially without filtering content.

programming-assistant