vite-webcontainer-developer
Warn
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill explicitly directs the agent to execute shell commands and local scripts found within the analyzed repository. Evidence includes instructions to run 'node scripts/extractFilesFromMarkdown.ts', 'node scripts/recover-and-start.js', and 'scripts/check-imports.js', as well as standard tools like 'pnpm dev', 'npm start', and 'npx tsc'.
- [REMOTE_CODE_EXECUTION]: A significant risk is identified in the workflow where the agent is told to extract code from markdown documentation and then execute it via recovery scripts. This pattern of turning data into executable code can be exploited if a repository contains malicious instructions disguised as examples.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it processes untrusted project data to influence its actions.
  - Ingestion points: The agent ingests repository files such as 'index.html', 'package.json', Vite entry files, and documentation in markdown.
  - Boundary markers: There are no instructions to use delimiters or ignore embedded instructions when processing these files.
  - Capability inventory: The agent has high-privilege capabilities including writing files, modifying configurations, and executing shell scripts.
  - Sanitization: No sanitization or validation of the ingested project data is performed before it is used to generate code edits or command arguments.