tech-analysis-reporter

Fail

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: HIGH
CREDENTIALS_UNSAFE, PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [CREDENTIALS_UNSAFE] (HIGH): Insecure handling and potential leakage of GitHub Personal Access Tokens.
      • The function clone_or_copy_project in scripts/analyze_project.py constructs a git URL containing the plaintext token: url = source.replace("https://", f"https://{token}@").
      • The script returns result.stderr if the git clone command fails. Git typically includes the remote URL (including the embedded token) in its error output, which would leak the secret to the agent's logs or the end-user.
  • [PROMPT_INJECTION] (LOW): Vulnerability to Indirect Prompt Injection through untrusted project data.
      • Ingestion points: scripts/analyze_project.py (line 86) reads up to 5000 characters from README.md and other documentation files of the target project.
      • Boundary markers: Absent. The content is directly formatted into prompt templates (e.g., 01-overview-prompt.md) using the {project_info} variable.
      • Capability inventory: The skill can execute local commands (git, cp, find, pandoc, uv) and write to the filesystem (Word document generation).
      • Sanitization: None. Malicious instructions in a scanned project's README could manipulate the report generation process or the agent's behavior.
  • [COMMAND_EXECUTION] (MEDIUM): Execution of multiple system utilities based on user-provided paths and URLs.
      • The skill executes git, cp, rm, find, and pandoc via subprocess.run across several scripts.
      • The source argument is taken from user input and used in git clone or cp -r without validation. While using a list in subprocess.run mitigates shell injection, it still allows for arbitrary file reading or cloning from untrusted sources via the --local and URL parameters.
  • [EXTERNAL_DOWNLOADS] (LOW): Hardcoded dependency on an external skill's script.
      • scripts/main.py attempts to execute ~/clawd/skills/nano-banana-pro/scripts/generate_image.py using uv run. This creates a hidden dependency on the nano-banana-pro skill and its environment file, which may not be present or could be modified by other agents.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 19, 2026, 03:56 PM