lynx-debug-info-remapping

Warn

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill workflow in SKILL.md instructs the agent to execute a shell command using node. This command interpolates multiple variables including $PROJECT_DIR, $function_id, and $pc_index. If these variables are derived from untrusted project files or user input without strict validation, they could be leveraged for command injection.
  • [COMMAND_EXECUTION]: The helper script scripts/index.mjs uses dynamic import() to load files from paths provided as command-line arguments. While the usage of the with { type: 'json' } attribute restricts the import to JSON content, the pattern of loading files from runtime-computed paths remains a dynamic execution concern.
  • [PROMPT_INJECTION]: The skill ingests external data from debug-info.json. While the script specifically parses numeric fields (line, column), the resulting remapped stack trace is re-injected into the agent's context. This creates an indirect prompt injection surface where a malicious JSON file could attempt to influence the agent's analysis of a runtime error.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Jun 26, 2026, 07:20 AM