The Agent Skills Directory

[COMMAND_EXECUTION]: The file scripts/assess-complexity.md contains templates that instruct the agent to execute shell commands using the $ARGUMENTS variable directly (e.g., find "$ARGUMENTS" -type f). This allows for arbitrary command injection if a user provides malicious input containing shell control characters.
[COMMAND_EXECUTION]: The skill employs dynamic context injection via the !command syntax in scripts/assess-complexity.md to run shell commands such as pwd and git log at load time. This expands the execution surface and enables silent command processing.
[DATA_EXFILTRATION]: Automated analysis scripts such as analyze-codebase.sh and count-dependencies.py perform deep scans of the codebase to collect metrics on file structure and dependencies, exposing sensitive project metadata to the agent.
[PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests untrusted codebase data (via find, grep, and Read in analysis scripts) and processes it without boundary markers or sanitization. This is coupled with capabilities for shell command execution and memory management, allowing malicious file content to potentially influence agent behavior.

quality-gates