skills/stanah/dotagents/doc-code-sync/Gen Agent Trust Hub

doc-code-sync

Warn

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION)
Full Analysis
  • Dynamic Execution (MEDIUM): The script references/extractors/typescript-ast.js dynamically resolves and loads the typescript module from the node_modules directory of the target project being scanned.
      • Evidence: require(require.resolve("typescript", { paths: [projectRoot] })) in typescript-ast.js. An attacker providing a malicious project could include a rogue typescript module to gain code execution.
  • Unverifiable Dependencies & Remote Code Execution (MEDIUM): The skill's strategy for selecting parsers involves executing code snippets via system shells to check for the presence of runtimes.
      • Evidence: references/extraction-strategy.md specifies the use of node -e "require('typescript')" and python3 -c "import ast" for runtime detection.
  • Indirect Prompt Injection (LOW): The skill ingests untrusted source code files and extracts symbol names, signatures, and NatSpec documentation into a JSON format for downstream LLM processing without sanitization.
      • Ingestion points: File reading in references/extractors/typescript-ast.js.
      • Boundary markers: Output is structured JSON, but no explicit instructions or delimiters are added to prevent the downstream agent from following instructions embedded in the extracted strings (e.g., in code comments).
      • Capability inventory: File system read access and stdout transmission.
      • Sanitization: None detected for the content extracted from source code files.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 21, 2026, 03:27 PM