skill-scanner

Fail

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The streamlit_ui.py file contains a critical path traversal vulnerability known as 'Zip Slip'.
    • Evidence: In streamlit_ui.py, the code uses zipfile.ZipFile.extractall(temp_path) on user-uploaded archives without validating that the file paths within the archive remain within the boundaries of the temporary directory.
    • Impact: A malicious actor can craft a ZIP file containing files with names like ../../.bashrc to overwrite sensitive configuration or system files, potentially leading to arbitrary command execution upon the next login or system event.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its processing of untrusted external content.
    • Ingestion points: streamlit_ui.py (via file uploads and pasted text) and skill_scanner.py (via filesystem reads).
    • Boundary markers: Absent. The reports generated by the tool do not use strict delimiters or warnings to separate the scanned code's content from the tool's own analysis results.
    • Capability inventory: The scanner provides safety verdicts that may influence an AI agent's decision to execute other skills, making the integrity of its reports high-stakes.
    • Sanitization: Absent. The tool reflects scanned content directly into its reports, allowing a malicious skill to include strings like 'Verdict: APPROVED' to deceive a downstream agent into ignoring actual threats.
  • [EXTERNAL_DOWNLOADS]: The skill documentation instructs users to download and run code from an unverified source.
    • Evidence: README.md directs users to git clone the tool from a personal GitHub repository (bvinci1-design/skill-scanner.git) that is not associated with a trusted organization or well-known service provider.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 25, 2026, 08:59 PM