monorepo-master

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Tags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The scripts/scaffold-package.ts utility script takes the package name from the second command-line argument and builds file system paths from it unchecked, via join(process.cwd(), 'packages', packageName). Because path.join normalizes '..' segments, a name such as '../../somewhere' resolves to a directory outside packages/, so a malicious or mistyped argument lets the skill create or overwrite files anywhere the process can write. The argument should be validated against an allowlist of package-name characters and the resolved path checked for containment before anything is written.
  • [EXTERNAL_DOWNLOADS] (LOW): The skill frequently invokes bun install, which downloads third-party packages (and their transitive dependencies) from external registries. This is standard for development, but it extends trust to the registry and to every package pinned in the lockfile, with the usual dependency supply-chain risks.
  • [COMMAND_EXECUTION] (LOW): Extensive use of bun x turbo for task orchestration and build processes. This is the intended purpose of the skill but involves executing shell commands based on repository configuration.
  • [Indirect Prompt Injection] (LOW): The skill is designed to analyze and act upon local repository structures (e.g., package.json, turbo.json). It lacks boundary markers or sanitization when processing these files, creating a surface where a malicious repository could influence the agent's behavior. Evidence Chain:
    1. Ingestion points: Monorepo topology assessment and configuration file analysis.
    2. Boundary markers: Absent.
    3. Capability inventory: Local file writes via scaffold-package.ts, shell execution via bun and turbo.
    4. Sanitization: Absent.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:29 PM