The Agent Skills Directory

[COMMAND_EXECUTION]: The skill utilizes standard shell commands such as git init, git status, git ls-files, git add, and git commit to manage project initialization and state tracking. It also provides templates that instruct the agent to execute language-specific testing and coverage tools (e.g., npm test, pytest) based on the project's own configuration.
[PROMPT_INJECTION]: The skill implements a 'Project Discovery' protocol that involves reading existing project files like README.md and dependency manifests to infer project goals and technical stacks. This functionality constitutes an indirect prompt injection surface where malicious content within a scanned repository could attempt to influence the agent's behavior. This is documented as an inherent risk of the skill's primary purpose of automated project analysis.
[DATA_EXFILTRATION]: While the skill reads local files (including potentially sensitive manifest files like package.json or requirements.txt) to extract context, all operations are performed locally. There are no network requests, external downloads, or exfiltration patterns detected.

conductor-setup