node-version-compatibility-tester

Warn

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses RunCommand to execute environment management tools (nvm) and arbitrary scripts (Node.js, Python, etc.) found within user-specified directories.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. It parses the SKILL.md files of other skills to extract functional lists, script paths, and command templates. Maliciously crafted documentation could manipulate the tester into executing unauthorized or destructive shell commands.
      • Ingestion points: Reads content from {target_skill_path}/SKILL.md to determine execution logic.
      • Boundary markers: No delimiters or warnings are used to distinguish between legitimate instructions and potentially malicious injected content in the target documentation.
      • Capability inventory: Uses RunCommand for shell execution and AskUserQuestion to collect user input/credentials.
      • Sanitization: There is no evidence of sanitization or validation of the commands extracted from the target skill's documentation before execution.
  • [DATA_EXPOSURE]: The skill manages sensitive data by requesting API keys, tokens, or secrets from the user via AskUserQuestion. These credentials are then passed to the dynamically identified test scripts. If a user targets a malicious or compromised skill directory, provided credentials could be compromised.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 27, 2026, 06:27 AM