detecting-performance-regressions

Warn

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: MEDIUM

COMMAND_EXECUTION
Full Analysis
  • [DYNAMIC_EXECUTION]: The scripts scripts/generate_report.py and scripts/create_github_comment.py allow for the creation of executable shell scripts from potentially untrusted input. Both scripts contain a generate_script method that accepts a template string from the --content command-line argument, writes it to a file, and then uses file_path.chmod(0o755) to make the file executable. This pattern allows for the creation of arbitrary executable files. If the agent populates the script content with unvalidated data from an external source, it could lead to local command execution.
  • [METADATA_POISONING]: The skill exhibits significant discrepancies between its documentation and its actual implementation. Specifically, scripts/create_github_comment.py is described as a tool for creating GitHub comments, but its code is an identical copy of the report generator and lacks any GitHub API integration logic. This mismatch can cause the agent to perform unexpected file system operations when it intends to perform a network-based action. Additionally, the author listed in SKILL.md ('Jeremy Longshore') does not match the provided author context ('foryourhealth111-pixel').
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 11, 2026, 02:49 PM