running-code-analyzer

Warn

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: MEDIUM [COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/describe-rule.js is vulnerable to command injection. It uses child_process.execSync to run shell commands incorporating the rule-name argument directly into a template literal without sanitization. An attacker could influence this input to execute arbitrary shell commands on the host system.
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection. It ingests untrusted data from local scan result files and uses it to perform high-privilege actions like writing to source files and executing CLI commands.
      • Ingestion points: Scan results stored in JSON files (e.g., code-analyzer-results-*.json) which are read by multiple scripts.
      • Boundary markers: The skill lacks explicit delimiters or instructions to the agent to treat data within the scan results (such as violation messages or suggested fixes) as untrusted content.
      • Capability inventory: The skill possesses the capability to overwrite arbitrary files in the project workspace via scripts/apply-fixes.js and execute shell commands via scripts/describe-rule.js.
      • Sanitization: While scripts/list-rules.js implements a token-based whitelist for its selector, the input to scripts/describe-rule.js is unsanitized, and scripts/apply-fixes.js applies code transformations based directly on the content of the JSON results.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Jun 19, 2026, 01:37 PM