evidence-verification

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION)
Full Analysis
  • COMMAND_EXECUTION (MEDIUM): The file scripts/generate-test-evidence.md uses the ! syntax to trigger local shell command execution for environment metadata gathering.
      • Evidence: Commands such as !date, !uname -s, and !which pytest are executed to populate the report. This confirms the skill's ability to run system commands directly through the template.
  • REMOTE_CODE_EXECUTION (MEDIUM): The generate-test-evidence script is designed to execute arbitrary shell commands passed via the $ARGUMENTS parameter.
      • Evidence: The template contains a bash code block specifically for executing $ARGUMENTS. If the input for this argument is sourced from untrusted external data (e.g., a PR body or external task description), it could be used to execute malicious code on the host system.
  • DATA_EXPOSURE (LOW): The skill performs local file system reads to identify the development environment.
      • Evidence: A grep command is used in scripts/generate-test-evidence.md to scan package.json and pyproject.toml for test framework signatures.
  • PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection because it interpolates untrusted user input ($ARGUMENTS) directly into executable contexts without sanitization or boundary markers.
      • Ingestion points: The $ARGUMENTS variable in scripts/generate-test-evidence.md.
      • Boundary markers: None present in the execution block.
      • Capability inventory: Shell command execution via bash blocks and ! syntax.
      • Sanitization: None observed; the skill blindly executes the provided string.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 06:29 PM