The Agent Skills Directory

[COMMAND_EXECUTION]: The skill uses subprocess.run with list-based arguments to interact with the local git environment, specifically using git show and git blame to retrieve file history and diffs. These operations are constrained to the repository path provided during execution.
[EXTERNAL_DOWNLOADS]: The skill references several well-known libraries and tools for its functionality, such as gitpython, javalang, tree-sitter, esprima, and pycparser. These are standard tools within the software analysis community and are typically installed from official package registries.
[PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection due to its core function of processing external code.
Ingestion points: Untrusted source code and git commit history are read into the agent's context through scripts/semantic_analyzer.py and scripts/semantic_szz.py.
Boundary markers: There are no explicit markers or instruction overrides used to prevent the LLM from being influenced by malicious instructions that might be embedded in the analyzed code or commit messages.
Capability inventory: The skill utilizes file reading via git commands and structural code parsing via the ast module.
Sanitization: No sanitization or validation is performed on the ingested code content before it is processed to create the final analysis report.

semantic-szz-analyzer