senior-architect

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Tags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION

Full Analysis
  • [Unverifiable Dependencies & Remote Code Execution] (HIGH): The skill references three local Python scripts (architecture_diagram_generator.py, project_architect.py, dependency_analyzer.py) and instructs the user/agent to execute them. Since the source code for these scripts is missing from the provided skill package, their behavior is unverifiable and they could perform arbitrary malicious actions on the host system.
  • [Indirect Prompt Injection] (HIGH): The skill has a significant attack surface for indirect prompt injection.
      ◦ Ingestion points: The scripts project_architect.py and dependency_analyzer.py are designed to ingest untrusted data from the user's local filesystem (specified by <target-path> or .).
      ◦ Boundary markers: No delimiters or instructions to ignore embedded commands are present in the skill definition.
      ◦ Capability inventory: The skill explicitly claims to provide 'Automated fixes', indicating it has write-access to the local filesystem. It also uses python to execute scripts.
      ◦ Sanitization: No sanitization or validation of the input project files is mentioned.
      ◦ Risk: An attacker could place malicious instructions inside a project's documentation or code comments that, when 'analyzed' by this skill, could trick the agent into applying harmful 'fixes' or exfiltrating data.
  • [External Downloads] (MEDIUM): The 'Development Workflow' section instructs the user to run npm install and pip install -r requirements.txt. Without a provided package.json or requirements.txt, these commands could download and install arbitrary, potentially malicious third-party packages.
  • [Data Exposure] (LOW): The skill explicitly references .env files and analyzing the current directory (.). While intended for configuration, this indicates a pattern of accessing sensitive local environment variables and project structures.

Recommendations
  • AI detected serious security threats

Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 05:09 AM