lint-doc

Fail

Audited by Gen Agent Trust Hub on Feb 22, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): In the file rules/document-writing.md, the agent is explicitly instructed to 'Validate syntax with bq query', 'execute to confirm', and 'verify correctness by executing the code' for every edit within code blocks. This policy directs the agent to run potentially untrusted code found within documents.
  • [REMOTE_CODE_EXECUTION] (HIGH): The instruction to execute code from processed documents enables Remote Code Execution (RCE). Since the documents (ingestion points) can be modified by external actors or users, an attacker can embed malicious scripts that the agent will execute during its linting and verification workflow.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill possesses a surface for indirect prompt injection by processing untrusted text. Ingestion points: Documents identified from context or provided file paths in SKILL.md. Boundary markers: Modification exclusions are defined for backticks and quoted text in SKILL.md, but these do not prevent the LLM from interpreting instructions within the text itself. Capability inventory: The skill is authorized to perform shell execution via bq query and arbitrary code execution for verification as specified in rules/document-writing.md. Sanitization: There is no evidence of sanitization or validation of the code content before the agent attempts execution.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 22, 2026, 08:27 PM