assess-complexity

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • COMMAND_EXECUTION (HIGH): The instruction !./scripts/analyze-codebase.sh $ARGUMENTS in SKILL.md performs direct shell interpolation of the $ARGUMENTS variable. An attacker can provide a payload (e.g., ; rm -rf /) to execute arbitrary commands on the system.
  • PROMPT_INJECTION (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8) due to its combination of untrusted data ingestion and high-privilege capabilities.
      1. Ingestion points: scripts/analyze-codebase.sh reads codebase files and git metadata using find, grep, and git log.
      2. Boundary markers: None are present to distinguish untrusted file content from the script's intended output.
      3. Capability inventory: The skill is granted access to high-privilege tools including Bash, Read, Grep, and Task.
      4. Sanitization: No sanitization is performed on the ingested file names or contents, allowing a malicious repository to potentially influence the agent's behavior or decision-making logic.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 01:07 AM