skill-security-checker

Fail

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: HIGH (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The downloadNpmPackage function in src/repoManager.ts executes shell commands using execSync to download and extract npm packages. The packageName variable is directly interpolated into the command string without any sanitization or validation. An attacker providing a malicious input like lodash; malicious-command would be able to execute arbitrary code on the underlying system.
  • [EXTERNAL_DOWNLOADS]: This skill performs network operations to clone external Git repositories, download npm package tarballs, and fetch repository metadata from the GitHub API. While these are necessary for its stated function of auditing code, the lack of input validation on the source URLs and package names presents a significant risk.
  • [PROMPT_INJECTION]: The skill processes external, untrusted content from the repositories it audits. Static analysis is performed on files with extensions like .js, .ts, and .py. Maliciously crafted content within these files could attempt to influence the agent's summary of the scan results, creating a risk of indirect prompt injection.
  • Ingestion points: src/staticAnalyzer.ts reads contents of files from cloned repositories.
  • Boundary markers: None identified in the report generation phase.
  • Capability inventory: The skill has the ability to execute system commands and access the local file system.
  • Sanitization: No sanitization is performed on the code content before analysis.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 6, 2026, 06:30 AM