middleware-protection

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Categories: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
  • COMMAND_EXECUTION (HIGH): The script scripts/configure-routes.sh contains a command injection vulnerability.
  • Evidence: In the interactive_config function, the script reads user input into variables such as PUBLIC_ROUTES, splices them into a command string (cmd) inside single quotes, and then executes that string with eval "$cmd".
  • Impact: A single quote in the input ends the quoted region, so a value such as /'; touch HACKED; ' breaks out of the intended command and turns the rest of the input into separate shell commands that eval runs on the host (here touch HACKED) with the privileges of whoever runs the script. The input can come from a user at the prompt or from a prompt-injected agent driving the skill.
  • DYNAMIC_EXECUTION (MEDIUM): The script scripts/generate-middleware.sh writes unescaped route names into the middleware.ts it generates, so file names on disk can inject code into that file.
  • Evidence: The convert_routes function wraps each route name in single quotes by string concatenation: result+="'${ROUTE_ARRAY[$i]}'". It neither escapes nor rejects single quotes (or backslashes) inside the name.
  • Impact: If the project contains a file whose name includes a quote, such as app/test'); console.log('injected'); //page.tsx, the generated middleware.ts contains executable code outside the intended string array, and that code runs whenever the middleware runs.
  • DATA_EXFILTRATION (SAFE): While scripts/test-protection.sh uses curl to interact with network resources, it is limited to testing the availability of local routes (localhost:3000 by default) and does not exhibit patterns of sensitive data exfiltration.
  • PROMPT_INJECTION (SAFE): The instructions in SKILL.md appear benign and focused on the stated purpose of configuring authentication middleware. No attempt to bypass system guards or extract system prompts was detected.
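The two findings above share one root cause: a value is pasted between single quotes and the result is handed to an interpreter (the shell via eval, or TypeScript via the generated file). The following script is an added example written for this page, not code from the audited skill; its function names and sample inputs are constructed. It reproduces each pattern in a few lines and places a hardened form beside it: argv lists instead of eval for the shell case, and a quote-and-backslash escaper for the generated TypeScript literal.

```shell
#!/bin/sh
# Added example, not code from the audited skill: minimal reproductions of the
# two quoting bugs the audit describes, each beside a hardened form. Function
# names and the sample inputs are constructed for this illustration.

# ----- Finding 1: eval on a command string built from user input ------------

# Mirrors the pattern attributed to interactive_config: the value is spliced
# into a command string inside single quotes and the string is eval'd. A single
# quote in the value ends the quoted region; what follows is parsed as code.
vulnerable_configure() {
    public_routes="$1"
    cmd="echo 'configuring public routes: $public_routes'"
    eval "$cmd"
}

# Hardened form: no eval. Build argv as a list ("$@") so the value reaches the
# command as one argument and is never re-parsed by the shell.
safe_configure() {
    public_routes="$1"
    set -- echo "configuring public routes: $public_routes"
    "$@"
}

# ----- Finding 2: route names emitted into generated TypeScript -------------

# Mirrors the pattern attributed to convert_routes: each route is wrapped in
# single quotes by concatenation, with no escaping of quotes in the name.
vulnerable_convert_routes() {
    result=""
    for route in "$@"; do
        [ -n "$result" ] && result="$result, "
        result="$result'$route'"
    done
    printf '%s\n' "$result"
}

# Escape a value for use inside a single-quoted JS/TS string literal:
# backslashes first, then single quotes, so the escapes themselves survive.
js_single_quoted() {
    printf "'%s'" "$(printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e "s/'/\\\\'/g")"
}

# Hardened form of the generator: every route passes through js_single_quoted,
# so a quote in a file name stays string content instead of ending the literal.
safe_convert_routes() {
    result=""
    for route in "$@"; do
        [ -n "$result" ] && result="$result, "
        result="$result$(js_single_quoted "$route")"
    done
    printf '%s\n' "$result"
}

# Stand-alone demo (run as: sh this_file.sh demo). All inputs are constructed.
demo() {
    # The first quote closes the script's quoted region; the trailing "echo '"
    # re-opens one so the script's own closing quote is absorbed and the
    # command string stays syntactically valid.
    payload="/'; touch HACKED; echo '"
    dir="$(mktemp -d)" && cd "$dir" || return 1
    vulnerable_configure "$payload"
    [ -e HACKED ] && echo "vulnerable_configure: HACKED was created in $dir"
    rm -f HACKED
    safe_configure "$payload"
    [ -e HACKED ] || echo "safe_configure: no file created"
    vulnerable_convert_routes "/" "test'); console.log('injected'); //"
    safe_convert_routes "/" "test'); console.log('injected'); //"
}
if [ "${1:-}" = "demo" ]; then demo; fi
```

Two design points worth noting. For the shell case, escaping the input is the wrong fix: the value should never be re-parsed at all, which is what dropping eval and passing an argument list achieves. For the generated file, escaping is unavoidable because the output really is source code; the escaper handles backslashes before quotes so that a name already containing \' is not turned back into an unescaped quote. An allow-list on route names (for example rejecting anything outside [A-Za-z0-9/_-]) is a reasonable extra layer, but it is the escaping that makes the generator correct for every file name.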
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 06:33 PM