nextjs-turborepo

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
COMMAND_EXECUTION, PROMPT_INJECTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The skill refers to and provides examples for running utility scripts in the scripts/ directory, such as nextjs-init.py and turborepo-migrate.py. Since these scripts are described as having the ability to modify the filesystem and migrate monorepos but are not provided in the skill package, their behavior is unverified and they could perform malicious actions if executed.
  • [PROMPT_INJECTION] (HIGH): The skill is highly susceptible to Indirect Prompt Injection (Category 8). Evidence: (1) Ingestion points: The skill accepts user-provided strings for project names and directory paths via command-line arguments like --name and --path. (2) Boundary markers: No boundary markers or 'ignore' instructions are present to encapsulate external data. (3) Capability inventory: The skill has extensive capabilities including shell command execution (npx, npm) and Python execution. (4) Sanitization: There is no evidence of input validation or escaping for these parameters, which could allow an attacker to inject shell metacharacters and execute arbitrary commands.
  • [REMOTE_CODE_EXECUTION] (LOW): The skill utilizes npx create-next-app@latest and npx create-turbo@latest. While these commands download and execute remote code from the npm registry, the tools are provided by a trusted source (Vercel), which downgrades the severity of this remote code execution finding to LOW per security policy.
  • [EXTERNAL_DOWNLOADS] (LOW): The skill downloads the remixicon and @remixicon/react packages. These are standard UI dependencies from a trusted registry (npm) and are considered low risk.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 12:57 AM