NYC

github-multi-repo

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • REMOTE_CODE_EXECUTION (HIGH): The skill repeatedly runs npx ruv-swarm across multiple examples. This command downloads and executes a package from the npm registry that is not published by a trusted organization, posing a significant risk of arbitrary code execution.
  • COMMAND_EXECUTION (MEDIUM): The skill performs npm install on repositories cloned from the organization. A malicious repository could contain a package.json with preinstall or postinstall scripts, leading to the execution of attacker-controlled code when the agent attempts to update dependencies.
  • EXTERNAL_DOWNLOADS (LOW): The skill automates the bulk cloning of repositories and the retrieval of packages from external registries.
  • PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8). It reads repository contents (like package.json) and uses that data to drive high-privilege actions like creating Pull Requests and pushing code. Ingestion points: gh api and gh search in Examples 2, 3, and 5. Boundary markers: Absent; the agent processes raw repository content without delimiters. Capability inventory: File system access, git push, gh pr create, and gh issue create. Sanitization: None; the skill decodes base64 content and passes it directly to jq and grep logic.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 06:22 PM