The Agent Skills Directory

COMMAND_EXECUTION (MEDIUM): The scripts scripts/install-ultracite.sh and scripts/migrate-to-ultracite.sh use the eval command to execute strings constructed at runtime from project metadata. This is a risky pattern that could be exploited if environment variables or project files like package.json are manipulated by an attacker.\n- EXTERNAL_DOWNLOADS (MEDIUM): Multiple files, including references/mcp-integration.md and the installation scripts, invoke npx, bun x, and pnpm dlx to download and execute the ultracite and @ultracite/mcp-server packages without version pinning. This leaves the development environment vulnerable to supply chain attacks or accidental execution of malicious packages if the names are ever squatted or hijacked.\n- COMMAND_EXECUTION (LOW): Documentation in references/git-hooks-setup.md suggests using chmod +x on local scripts to set up Git hooks. While standard, it involves modifying file permissions to allow execution of scripts.\n- DATA_EXFILTRATION (LOW): The ultracite:doctor command and MCP server integration perform broad read operations on local project configuration files (package.json, biome.jsonc) and metadata. This establishes a surface for local data exposure within the agent's context.

ultracite