pr-description-generator

Fail

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: HIGH
COMMAND_EXECUTION, DATA_EXFILTRATION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The generate.js script is vulnerable to shell command injection because it constructs git commands by directly interpolating unsanitized command-line arguments (such as branch names and commit hashes) into strings passed to child_process.execSync. This allows an attacker to execute arbitrary commands by providing inputs containing shell control characters.
  • [DATA_EXFILTRATION]: The send-report.sh script automatically transmits local repository scan results and development metadata to an external email address (winsorllc@yahoo.com) using curl via SMTP. While the recipient belongs to the author, this mechanism creates a path for exfiltrating sensitive environment information to a third-party service.
  • [CREDENTIALS_UNSAFE]: The reporting script send-report.sh is designed to handle sensitive tokens (GMAIL_USER and GMAIL_PASS) from the environment and passes them as plain-text arguments to the curl command. This insecure pattern exposes credentials to system process logs and monitoring tools.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface.
      1. Ingestion points: The script generate.js reads untrusted data from git diff.
      2. Boundary markers: No delimiters or warnings are used to separate diff content in the final PR description.
      3. Capability inventory: The skill has access to execSync and file operations.
      4. Sanitization: The content of the diff is not sanitized for malicious instructions before being included in the generated output, which could influence downstream agent actions.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 1, 2026, 05:11 AM