megatron-impact-mapper
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill includes Python scripts that execute the `git` and `rg` (ripgrep) commands via the `subprocess` module. These commands are used solely for cloning the target repository, switching branches, and searching for strings within the code. The scripts use list-based arguments for `subprocess.run` (without `shell=True`), which prevents shell injection vulnerabilities.
- [EXTERNAL_DOWNLOADS]: The scripts are configured to download source code from `https://gitcode.com/Ascend/MindSpeed.git`. This is a vendor-owned repository (Ascend) used for the skill's primary purpose of analyzing official software baselines.
- [DATA_EXFILTRATION]: The skill accesses a specific subdirectory within the user's home folder (`~/.codex/skill-cache/mindspeed`) to manage its local repository cache. This access is restricted to the skill's own data and is a standard method for maintaining local state between executions.
- [PROMPT_INJECTION]: The skill processes external JSON data describing software events. While it lacks explicit boundary markers for this data, the capabilities associated with its processing are limited to searching a local repository cache, which minimizes the risk of indirect prompt injection influencing the system environment.
Audit Metadata