lint-and-validate

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The scripts/lint_runner.py script identifies and executes scripts defined in the package.json file of the target project (specifically npm run lint). Since this command executes arbitrary shell instructions defined by the project author, a malicious project can trigger the execution of unauthorized code on the agent's host system.
  • [REMOTE_CODE_EXECUTION] (HIGH): The skill uses npx to invoke tools like eslint and tsc. By default, npx will attempt to download and execute packages from the npm registry if they are not found locally. An attacker could exploit this by specifying malicious dependencies or plugins in the project configuration that are then fetched and run by the agent.
  • [INDIRECT_PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to indirect injection through project-level configuration files which act as untrusted ingestion points.
    • Ingestion points: Reads package.json, pyproject.toml, and requirements.txt from the project path provided as an argument to lint_runner.py.
    • Boundary markers: None. There are no delimiters or security checks to isolate the data in these configuration files from the execution environment.
    • Capability inventory: The skill has access to subprocess.run and the Bash tool, allowing it to execute any command extracted from the configuration files.
    • Sanitization: None. The skill blindly extracts and executes the content of the scripts section in package.json.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 05:20 AM