Root Cause Tracing

Warn

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script find-polluter.sh uses shell variables derived from external input (file names found via find) without proper quoting during iteration.
  • The variable $TEST_FILES is expanded unquoted in a for loop, causing word splitting. If a file name contains spaces or shell metacharacters, it could lead to unexpected command execution or parameter injection into npm test.
  • The command npm test "$TEST_FILE" executes arbitrary files found in the repository, presenting a risk if the repository contains files with malicious names or content.
  • [PROMPT_INJECTION]: The skill provides an indirect prompt injection surface by ingesting and acting upon untrusted data from the file system.
  • Ingestion points: The find-polluter.sh script reads the names of files in the current project directory via the find command (file: find-polluter.sh).
  • Boundary markers: None identified; the script processes all files returned by the find command without delimiters or "ignore embedded instructions" warnings.
  • Capability inventory: The script has the ability to execute shell commands (npm test, ls) based on the files it finds (file: find-polluter.sh).
  • Sanitization: There is no validation or sanitization of the filenames or the user-provided search pattern before they are used in shell commands.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 20, 2026, 08:57 AM
Security Audit — agent-trust-hub — Root Cause Tracing