NYC

npm-git-install

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE)
Full Analysis
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill facilitates downloading and installing code from arbitrary GitHub repositories. It specifically references an untrusted repository: https://github.com/JEO-tech-ai/supercode.git.
  • [COMMAND_EXECUTION] (MEDIUM): The skill executes npm install, which can trigger lifecycle scripts (like prepare, preinstall) defined in the downloaded package, leading to arbitrary code execution.
  • [CREDENTIALS_UNSAFE] (MEDIUM): Instructions include reading sensitive paths (~/.ssh/id_ed25519.pub) and managing GitHub Personal Access Tokens (PATs) via environment variables and .npmrc files.
  • [PRIVILEGE_ESCALATION] (MEDIUM): The guide suggests using sudo chown to resolve permission errors, which can lead to unauthorized modification of system-wide directories.
  • [PERSISTENCE] (LOW): The skill recommends modifying the user's shell configuration (~/.bashrc) to update the system PATH.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill ingests untrusted data from remote repositories and local files like package.json. It lacks boundary markers or sanitization, though it poses a low risk due to standard agent guardrails. Evidence: 1. Ingestion point: package.json, 2. Boundary markers: Absent, 3. Capabilities: Bash (npm install), Read, Write, 4. Sanitization: Absent.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 05:24 PM