nestjs-health-audit

Warn

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: MEDIUM
Risk Categories: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill executes code and scripts found within the repository being audited. Specifically, in references/version-alignment.md it runs package manager installation commands (npm install, yarn install, pnpm install), and in references/test-coverage.md, it executes the project's coverage test script (test:cov). This results in the execution of arbitrary code present in the target repository.
  • [REMOTE_CODE_EXECUTION]: Remote script execution occurs in references/tool-installer.md, where the NVM installer is fetched from raw.githubusercontent.com/nvm-sh/nvm and piped directly into the bash shell (curl | bash).
  • [COMMAND_EXECUTION]: The skill uses various shell commands to perform analysis and manage the environment, including find, grep, wc, mkdir, rm, nvm, node, and package manager CLI tools. It also leverages the Bash tool to run these commands sequentially.
  • [EXTERNAL_DOWNLOADS]: The skill downloads external resources during its initialization phase, such as the NVM installer from GitHub. It also triggers external downloads from package registries during the mandatory dependency installation step for the audited project.
  • [DATA_EXFILTRATION]: The skill is designed to read sensitive files such as .env.example, package.json, and source code files to generate its report. While the primary purpose is for analysis, the skill has access to the WebFetch tool, which provides a capability surface for potentially sending extracted information to external domains.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 14, 2026, 03:30 PM