The Agent Skills Directory

[CREDENTIALS_UNSAFE]: The skill performs targeted searches for sensitive strings such as api_key, API_KEY, client_id, and CLIENT_ID across the codebase. It explicitly includes .env* files in its search patterns, which are typically used to store secrets in plain text. This behavior could result in sensitive credentials being exposed in the agent's output or saved into the decision documents generated by the skill.
[COMMAND_EXECUTION]: The skill relies on the Bash tool to execute various shell commands, including directory management, complex Grep pipelines, and a multi-step for-loop that parses file headers to generate a project index. This provides a powerful execution environment that operates on file contents and filenames.
[PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface through its report indexing mechanism.
Ingestion points: The logic reads the first line of every file in the project-decisions/ directory using head -1 to extract a title.
Boundary markers: No delimiters or instructions are used to prevent the agent from interpreting instructions that might be contained within these file headers.
Capability inventory: The skill utilizes Bash, Grep, Glob, and Read tools.
Sanitization: The header content is processed only with basic sed filters, which does not sanitize against malicious command sequences or instructions that could influence the agent during subsequent index processing.

build-vs-buy