moai-lang-cpp
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Tags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is designed to process untrusted project files and has the capability to invoke build systems that can execute arbitrary logic.
  * Ingestion points: CMakeLists.txt, vcpkg.json, and .cpp files.
  * Boundary markers: Absent.
  * Capability inventory: Bash(cmake:), Bash(make:), and system compilers (g++, clang++).
  * Sanitization: Absent.
  An attacker can craft a malicious CMakeLists.txt to execute arbitrary commands or logic during the agent-initiated build process.
- [Unverifiable Dependencies & Remote Code Execution] (LOW): The troubleshooting section guides users to clone vcpkg and run its bootstrap script. Evidence: git clone https://github.com/microsoft/vcpkg && ./bootstrap-vcpkg.sh. This finding is downgraded to LOW because the source (microsoft/vcpkg) is a Trusted External Source per [TRUST-SCOPE-RULE].
- [Dynamic Execution] (HIGH): The skill enables the agent to compile and execute code at runtime using system tools. While inherent to the purpose of a C++ skill, this is a high-risk capability when the agent is operating on an untrusted codebase.
Recommendations
- AI detected serious security threats
Audit Metadata