The Agent Skills Directory

[COMMAND_EXECUTION]: The shell scripts scripts/check-lock.sh and scripts/update-lock.sh are vulnerable to command injection because they interpolate command-line arguments directly into shell commands without sanitization.
Evidence: In scripts/check-lock.sh (line 11), the variable $CARGO_TOML (sourced from the first argument) is used directly in a cargo check command. A maliciously crafted path could execute arbitrary shell commands.
Evidence: In scripts/update-lock.sh (line 7), the variable $CARGO_TOML is passed to the dirname command. This input is not validated, allowing for command injection via shell metacharacters or command substitution.
[PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by processing external path inputs that influence shell command execution.
Ingestion points: The $1 argument in both scripts/check-lock.sh and scripts/update-lock.sh.
Boundary markers: Absent. No validation or delimiters are used to constrain the input.
Capability inventory: The scripts possess the capability to execute system commands (cargo, cd, dirname) and modify the file system via cargo update.
Sanitization: Absent. The scripts do not escape shell metacharacters or verify that the input corresponds to a safe file path.

cargo-lock-manager