ai-tool-compliance

Fail

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The scripts/install.sh script invokes sudo apt-get install to fetch system utilities. This requires administrative privileges and represents a privilege escalation vector during the installation phase.
  • [DATA_EXFILTRATION]: The scripts/notify.sh script sends analysis reports to an external Slack webhook. These reports contain the p0_detail field, which includes raw code snippets, file paths, and line numbers, potentially leaking proprietary code to external infrastructure.
  • [EXTERNAL_DOWNLOADS]: The skill's installation script performs external network requests to download and install packages via the apt-get package manager.
  • [COMMAND_EXECUTION]: Several scripts, including verify.sh and score.sh, execute internal Python code blocks using heredocs (`python3 ... << 'PYTHON'`), which involves dynamic execution of script logic embedded within shell scripts.
  • [PROMPT_INJECTION]: The skill processes untrusted local source code (ingestion point: `BASE_DIR` in `verify.sh`) without using boundary markers to isolate instructions. The capability inventory includes shell subprocess execution and network operations via `curl` (capability inventory: the `scripts/` directory). There is no evidence of sanitization performed on the ingested code before it is interpolated into reports, making the agent vulnerable to indirect prompt injection.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 7, 2026, 05:45 AM