component-usage-analysis

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The skill generates shell commands based on user-supplied variables. In SKILL.md and references/search-patterns.md, patterns such as grep -rn "{% include \"@${COMPONENT}" src/components/ and xargs grep -l "${PROPERTY}:" interpolate user input directly. If an agent executes these without sanitization, a malicious user could provide input containing shell metacharacters to execute arbitrary commands. The severity is MEDIUM (reduced from HIGH because the skill's primary purpose is code analysis).
  • [PROMPT_INJECTION] (LOW): This skill is vulnerable to indirect prompt injection.
      • Ingestion points: Files within src/components/ (Twig, YAML) are read using grep, cat, and awk.
      • Boundary markers: None identified.
      • Capability inventory: Subprocess execution via shell commands (grep, find, sed, awk).
      • Sanitization: None. Malicious instructions embedded in the analyzed codebase could potentially influence agent behavior.
  • [DATA_EXFILTRATION] (SAFE): File access is restricted to the local src/components/ directory for analysis. No network exfiltration or access to sensitive global paths (like ~/.ssh) was detected.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 06:29 PM