The Agent Skills Directory

[DYNAMIC_EXECUTION]: The script scripts/run_quality_gate.py uses dynamic path manipulation to import the quality_gate library from a computed directory (../../../../hooks/lib). This allows code execution from a path determined at runtime outside of the skill's own directory.
[INDIRECT_PROMPT_INJECTION]: The skill processes untrusted source code files from the project directory to perform linting, creating a surface for indirect prompt injection. 1. Ingestion points: Source code files (e.g., .py, .js, .go) identified by markers like package.json or pyproject.toml in the analyzed repository. 2. Boundary markers: No delimiters or protective instructions are placed around the ingested content in the entry script. 3. Capability inventory: The skill has access to the Bash tool to execute external commands and the Read tool to scan file contents. 4. Sanitization: The script does not perform sanitization or validation of the source code content or the resulting linter output before presenting it to the agent.

universal-quality-gate