start-right (skills/slamb2k/mad-skills/start-right)

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Tags: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • **Command Execution (HIGH):** The scripts `scripts/init_git_repo.py` and `scripts/setup_branch_protection.py` construct shell commands from unvalidated command-line arguments and execute them with `subprocess.run(shell=True)`. An attacker can supply inputs containing shell metacharacters (e.g., `; rm -rf /`) to execute arbitrary code on the host machine. Evidence: `cmd = f"gh repo create {repo_name} --{visibility} --source=."`
  • **Remote Code Execution (HIGH):** The documentation in `references/release-strategies.md` encourages a pattern of downloading and immediately executing binaries from GitHub releases using `curl -L ... | bash` or `chmod +x`, which bypasses security controls and facilitates supply chain attacks. Evidence: example install command `curl -L https://github.com/user/repo/releases/download/v1.2.3/app-linux-amd64 -o app && chmod +x app`.
  • **Indirect Prompt Injection (HIGH):** The skill is highly vulnerable to indirect prompt injection because it passes untrusted data (such as repository and organization names) through a high-privilege shell interface without any sanitization. Mandatory evidence: ingestion points: `sys.argv[1]` in `init_git_repo.py` and `setup_branch_protection.py`; boundary markers: none; capability inventory: `subprocess.run(shell=True)`, file system write, `chmod 755`; sanitization: none detected.
  • **Dynamic Execution (MEDIUM):** `scripts/setup_git_hooks.py` programmatically generates shell scripts (e.g., `.husky/pre-commit`) and sets executable permissions on them. This introduces a risk if the generation logic or its inputs are compromised. Evidence: `with open(".husky/pre-commit", "w") as f: f.write(hook_content)` followed by `Path(".husky/pre-commit").chmod(0o755)`.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 06:05 PM