The Agent Skills Directory

Unverifiable Dependencies & Remote Code Execution (HIGH): The skill instructs the agent to install and execute several third-party tools via package managers at runtime.
Evidence: pip install safety, cargo install cargo-audit, npm audit, and go install commands are present throughout the skill.
Remote Code Patterns: golang.org/x/vuln/cmd/govulncheck@latest → go install, github.com/google/go-licenses@latest → go install, npx license-checker → npx execution.
Risk: Installing unpinned or third-party packages at runtime can lead to supply chain attacks where the agent executes malicious code from a compromised registry.
Indirect Prompt Injection (HIGH): The skill is highly vulnerable to indirect prompt injection through dependency metadata.
Ingestion points: The agent reads the output of tools like go list, npm audit, pip list, govulncheck, and safety to prioritize remediation tasks.
Boundary markers: None. There are no instructions to the agent to treat tool output as untrusted or to use delimiters.
Capability inventory: The skill specifies Read, Write, Edit, and Bash tools, allowing for system-level changes.
Sanitization: None. The agent is expected to parse and act on the raw output of external auditing tools.
Risk: A malicious package in a project's dependency tree could include prompt injection instructions in its name, version string, or vulnerability description. When the agent audits the project, it might obey these instructions to create backdoors, exfiltrate data, or delete files using its Bash/Write permissions.
Command Execution (MEDIUM): The skill makes extensive use of the Bash tool to perform audits and updates, which, while necessary for the stated purpose, increases the impact of any successful injection or malicious tool execution.

Dependency Health