The Agent Skills Directory

[COMMAND_EXECUTION]: The skill makes extensive use of the Bash tool to perform environment discovery (git rev-parse, echo $HOME), analyze configuration files (wc -l), and manage the Pull Request lifecycle using the GitHub CLI (gh auth status, gh pr create, gh api). These operations are consistent with its stated purpose of auditing and improving developer configurations.
[EXTERNAL_DOWNLOADS]: The skill instructs its research subagents to fetch official documentation from docs.anthropic.com to maintain an up-to-date expert context for its audits. This targets well-known official service domains.
[DATA_EXFILTRATION]: Through the PR Delivery phase, the skill can push configuration changes and open Pull Requests on GitHub. While this involves sending local data to an external service, it is done via the user's own authenticated GitHub CLI session and is the primary intended outcome of the skill's optimization workflow.
[PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it reads and analyzes instruction files (like CLAUDE.md) that may originate from untrusted sources in a project repository.
Ingestion points: Project-level and global configuration files, including CLAUDE.md, .claude/rules/*.md, and settings.json (as described in Phase 0).
Boundary markers: Phase 2 indicates that configuration content is read and pasted into subagent prompts (e.g., "content of the project's root CLAUDE.md") without explicit delimiters or "ignore embedded instructions" warnings mentioned in the workflow instructions.
Capability inventory: The skill has access to Bash, Write, and Edit tools (defined in SKILL.md), and uses them to modify local files and interact with remote GitHub repositories (defined in references/pr-delivery.md).
Sanitization: There is no evidence of sanitization or validation performed on the ingested configuration content before it is processed by the LLM subagents during the audit phase.

claudit