The Agent Skills Directory

[COMMAND_EXECUTION]: The scripts/add-registry-component.js script executes shell commands using execFileSync to interact with various package managers (npm, pnpm, yarn, bun) and the shadcn CLI. It passes user-provided arguments, such as registry names or URLs, to these commands without exhaustive validation or sanitization.\n- [REMOTE_CODE_EXECUTION]: The scripts/add-registry-component.js utility fetches component metadata from remote URLs. It automatically performs two high-risk actions based on the content of the fetched JSON: it installs npm packages listed in the dependencies and devDependencies fields and writes code from the files array directly to the local filesystem in the src/ui directory. This creates a vector for remote code execution if a user is directed to a malicious registry URL.\n- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface by processing untrusted data from external registry URLs through the add-registry-component.js script.\n
Ingestion points: Remote registry URLs or component names are passed as CLI arguments to the script, which then fetches and parses external JSON payloads.\n
Boundary markers: No boundary markers or specific instructions to the agent to ignore instructions embedded in the external content are implemented.\n
Capability inventory: The skill possesses the capability to execute shell commands via execFileSync and modify the project structure using fs.writeFileSync.\n
Sanitization: Although the script parses the data as JSON and applies basic regex-based code transformations, it does not verify the safety, origin, or integrity of the code or the dependencies being introduced into the project.

building-react-web-application