performing-security-code-review

Warn

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The file assets/example_code_vulnerable.py contains a functional example of command injection in the command_injection_example function, which uses subprocess.run(command, shell=True) with unsanitized string concatenation.
  • [REMOTE_CODE_EXECUTION]: The file assets/example_code_vulnerable.py includes an insecure deserialization example using pickle.loads() on base64-encoded input. This technique can be used to execute arbitrary code if the processed data is untrusted.
  • [EXTERNAL_DOWNLOADS]: The instructions in SKILL.md and the README for scripts/dependency_checker.py describe running dependency audits (e.g., npm audit, pip audit), which involve connecting to external package registries to retrieve vulnerability databases.
  • [PROMPT_INJECTION]: The skill exhibits surface area for indirect prompt injection (Category 8):
      ◦ Ingestion points: The skill is designed to scan and read entire codebases or specific source files as part of its primary review function, as described in SKILL.md and implemented in scripts/code_analyzer.py.
      ◦ Boundary markers: There are no explicit instructions or markers defined to help the agent distinguish between its own system instructions and potentially malicious instructions embedded in the code being reviewed.
      ◦ Capability inventory: The skill is granted powerful tool access in SKILL.md, including Bash(cmd:*), Write, and Edit, which could be abused if the agent is manipulated by instructions found in the analyzed files.
      ◦ Sanitization: No sanitization or validation logic is present to filter out or escape instructions contained within the ingested project files.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 8, 2026, 06:57 PM