skills/958877748/skills/agent/Gen Agent Trust Hub

agent

Fail

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: HIGH
Categories: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script index.js is vulnerable to OS Command Injection. The runOpencode function uses execSync with shell: true and directly interpolates the prompt variable, which contains raw input from command-line arguments (process.argv). An attacker can use shell metacharacters such as semicolons, ampersands, or backticks to execute arbitrary commands on the system.
  • [DATA_EXFILTRATION]: Due to the command injection vulnerability, an attacker can access and read sensitive local files. Since the tool captures the command's stdout and stderr and saves it to a file in the logs/ directory, this results in the exposure of potentially sensitive system information.
  • [PROMPT_INJECTION]: The skill processes untrusted user input and passes it to a powerful execution environment without validation, creating a surface for indirect prompt injection.
    • Ingestion points: Command-line arguments (process.argv) in index.js.
    • Boundary markers: Absent; user input is directly placed into a shell command template literal.
    • Capability inventory: Shell command execution via execSync and file system writes via writeFileSync in index.js.
    • Sanitization: None; input is joined and executed without escaping or validation.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 23, 2026, 06:23 AM