todo-check

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFE, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The script scripts/check_todos.py allows the agent to read and display the contents of any file on the filesystem it has access to. While intended for source code audit, there are no restrictions preventing it from being used on sensitive files like .env, SSH configurations, or system files. This could lead to sensitive data exposure if those files contain lines matching the search patterns (e.g., 'NOTE: API Key updated' or 'TODO: fix hardcoded password').
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data from external files and injects it directly into the agent's context.
      • Ingestion points: The scripts/check_todos.py script (line 12) reads content from arbitrary files provided as arguments.
      • Boundary markers: There are no delimiters or specific instructions to the agent to ignore embedded commands within the tool output, allowing comments in audited files to potentially influence the agent's next actions.
      • Capability inventory: The skill is configured with access to the Bash and Read tools, meaning instructions found in file comments could be leveraged to execute further system commands.
      • Sanitization: The script performs no validation or sanitization of the file content before outputting it.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 3, 2026, 06:08 PM