skills/rshade/agent-skills/lint-fix/Gen Agent Trust Hub

lint-fix

Warn

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses eval to execute shell commands extracted from project configuration files. Specifically, it parses package.json scripts and Makefile targets and runs them as part of a validation pipeline. This pattern allows for arbitrary command execution if project files are maliciously crafted.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting data from untrusted local files to influence execution behavior.
      • Ingestion points: Project configuration files including Makefile, package.json, go.mod, pyproject.toml, Cargo.toml, and .csproj (detected in SKILL.md and references/tool-detection.md).
      • Boundary markers: Absent. The skill does not use delimiters or instructions to ignore embedded commands within the files it reads.
      • Capability inventory: The skill has the capability to execute arbitrary shell commands via the eval loop in SKILL.md and via subprocess calls for tool detection.
      • Sanitization: Absent. No sanitization or validation is performed on the strings extracted from project files before they are passed to the shell.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 22, 2026, 09:59 AM