dependency-updater
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
- PROMPT_INJECTION (HIGH): The skill has a significant vulnerability to Indirect Prompt Injection. It is designed to ingest and act upon data from external, untrusted project files such as package.json, requirements.txt, and Cargo.toml. Because the skill possesses high-privilege capabilities including command execution and file modification, a malicious project file could manipulate the agent into performing unintended and harmful operations.
  1. Ingestion points: Project configuration files (e.g., package.json, Cargo.toml).
  2. Boundary markers: Absent; file contents are processed directly without isolation.
  3. Capability inventory: System command execution and file modification via scripts/run-taze.sh and scripts/check-tool.sh.
  4. Sanitization: Absent; no validation of extracted file content.
- COMMAND_EXECUTION (HIGH): The script scripts/check-tool.sh contains a command injection vulnerability where the variable $TOOL_NAME is executed without quotation or validation ($TOOL_NAME --version). This allows for the execution of arbitrary shell commands if an attacker can influence the tool name provided to the script.
- EXTERNAL_DOWNLOADS (MEDIUM): The skill's primary function involves downloading and installing third-party software from public registries. This introduces risks such as dependency confusion and supply chain attacks, which are heightened if the agent automates these actions without human oversight.
- REMOTE_CODE_EXECUTION (MEDIUM): By automating the installation and update process for various language ecosystems, the skill facilitates the execution of remote code (e.g., post-install scripts) from packages downloaded from the internet.
Recommendations
- AI detected serious security threats
Audit Metadata