The Agent Skills Directory

Indirect Prompt Injection (HIGH): The skill is designed to profile developer workflows and project files to 'implement improvements.' This involves reading untrusted data (project source, READMEs, config files) and performing high-privilege actions like modifying package scripts, setting up Git hooks, and creating new CLI commands. An attacker could place malicious instructions in project files that the agent then translates into persistent shell commands or automated hooks.\n
Ingestion points: Project source code, package.json, documentation, and developer environment profiling.\n
Boundary markers: None specified in the instructions to distinguish between agent instructions and project data.\n
Capability inventory: File system write access, automated dependency installation, Git hook configuration, and script generation (Makefile, CLI commands).\n
Sanitization: No evidence of sanitization or validation of the data being used to generate scripts.\n- Command Execution (HIGH): The skill is explicitly tasked with 'Automating dependency installation' and creating 'project-specific CLI commands.' Without strict constraints, this allows the agent to execute arbitrary shell commands or install malicious packages if triggered by instructions found within the project being 'optimized.'\n- Dynamic Execution (MEDIUM): The skill generates and configures executable components (task runners, Makefile entries, scripts in .claude/commands/) at runtime based on its analysis of the local environment. This runtime code generation is a significant security risk if the input context is compromised.\n- Persistence Mechanisms (MEDIUM): The mission to 'Set up git hooks' provides a standard path for establishing persistence. Malicious code placed in a Git hook will execute automatically during common developer actions like committing or pushing code.

dx-optimizer