svelte-code-writer

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION | REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The skill interpolates user-provided code or file paths directly into shell commands via npx @sveltejs/mcp svelte-autofixer "<code_or_path>". This is vulnerable to command injection if the input contains shell metacharacters like backticks, semicolons, or pipes that can break out of the double quotes.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill downloads and executes the @sveltejs/mcp package from the npm registry at runtime. While official for Svelte, the @sveltejs organization is not included in the pre-approved trusted list for this analysis, making it an unverifiable dependency.
  • [REMOTE_CODE_EXECUTION] (HIGH): As per Category 8 (Indirect Prompt Injection), the skill exhibits a high-risk capability tier. It ingests untrusted data (Svelte code/files) and passes them to a shell-based execution environment without robust sanitization or boundary markers beyond simple quotes. This allows malicious code within a project to achieve remote code execution on the agent's host during the 'autofix' or 'analysis' phase.
      • Ingestion points: svelte-autofixer command in SKILL.md.
      • Boundary markers: Uses double quotes, which are insufficient to prevent shell injection via command substitution or escaping.
      • Capability inventory: npx shell execution.
      • Sanitization: None provided beyond a note to escape $ characters.
Recommendations
  • AI detected serious security threats
Audit Metadata
  Risk Level: HIGH
  Analyzed: Feb 16, 2026, 02:47 AM