ui-convert-detector

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The main detection script (scripts/detect.ts) executes local Python scripts (detect_dotnet.py and detect_python.py) using child_process.execFile to handle framework-specific analysis.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because its core functionality involves reading and processing untrusted data from an external project directory.
      • Ingestion points: The scripts detect.ts, detect_dotnet.py, and detect_python.py ingest data from various files (package.json, .csproj, requirements.txt, etc.) within the user-provided project path.
      • Boundary markers: Absent. The skill does not use delimiters or safety instructions to prevent the agent from being influenced by instructions embedded in the scanned project files.
      • Capability inventory: The skill has the ability to execute subprocesses, write files (logs and project.json), and create directories on the local filesystem.
      • Sanitization: Absent. Specifically, scripts/detect_dotnet.py utilizes the standard xml.etree.ElementTree library for parsing .csproj files, which is documented as insecure against maliciously constructed data (e.g., XML External Entity or Billion Laughs attacks).
  • [EXTERNAL_DOWNLOADS]: The skill relies on external packages defined in package.json (such as fast-glob) and requirements.txt. Furthermore, its instructions recommend the use of npx, which may download packages from the NPM registry at runtime if they are not already cached.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 10, 2026, 02:27 PM