sharingan

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFE
Categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the GitHub CLI and Node.js scripts via scripts/scan-repo.js using spawnSync. It implements strict input validation using regular expressions for repository URLs and ensures target directory containment within the project root to prevent path traversal attacks during file generation.
  • [EXTERNAL_DOWNLOADS]: The skill interacts with external networks to retrieve repository metadata and file contents for analysis. Its security envelope enforces HTTPS-only connections and explicitly blocks access to private, reserved, and link-local IP addresses (e.g., 127.0.0.1, 10.x.x.x, 169.254.x.x) to prevent server-side request forgery (SSRF).
  • [PROMPT_INJECTION]: The skill ingests untrusted data from external sources, creating an indirect prompt injection surface. Evidence Chain:
      1. Ingestion points: scripts/scan-repo.js (fetching GitHub contents) and the WebFetch tool.
      2. Boundary markers: Detailed instructions in SKILL.md define all fetched content as untrusted data that must not be followed as instructions.
      3. Capability inventory: Includes file system write access for skill generation and script execution for linting.
      4. Sanitization: External content is processed by a sanitize function in scripts/scan-repo.js to remove control characters before inclusion in agent prompts.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 20, 2026, 07:24 PM
Security Audit — agent-trust-hub — sharingan