The Agent Skills Directory

[COMMAND_EXECUTION]: The skill uses the Bash tool to execute a wide variety of system commands, including git, the GitHub CLI (gh), and several package managers such as npm, pip, and maven.
[COMMAND_EXECUTION]: It is designed to execute project-specific test suites (e.g., npm test, pytest) as part of its validation phase, which involves running arbitrary code defined within the repository being analyzed.
[COMMAND_EXECUTION]: The instructions explicitly direct the agent to "retry with elevated permissions" if sandbox or permission issues occur during package installation, which facilitates privilege escalation.
[REMOTE_CODE_EXECUTION]: The remediation process involves downloading and updating external packages from public registries (npm, PyPI, Maven). While these are standard services, the automated execution of these updates at runtime constitutes remote code execution.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8):
Ingestion points: Data enters the agent context via mcp_snyk_snyk_code_scan and mcp_snyk_snyk_sca_scan results, which contain vulnerability titles and descriptions that could be influenced by an attacker.
Boundary markers: There are no explicit delimiters or instructions to the LLM to ignore potentially malicious content embedded within the scan metadata.
Capability inventory: The skill possesses extensive capabilities, including the ability to write/edit files (Write, Edit), execute shell commands (Bash), and interact with GitHub (gh).
Sanitization: The workflow lacks explicit sanitization or validation of the data retrieved from scan results before it is used to generate code fixes or drive command execution.

snyk-fix