The Agent Skills Directory

[COMMAND_EXECUTION]: The skill frequently invokes shell commands to inspect the environment and build system, including make -pn, git status, git diff, and ripgrep (rg).
[COMMAND_EXECUTION]: In modules/plugin-dogfood-checks.md, the skill executes an external Python script makefile_dogfooder.py with various flags, including a --apply mode which suggests the capability to modify local files. This script is not included in the skill's file list, making its exact operations unverifiable.
[COMMAND_EXECUTION]: The skill references and executes additional scripts such as scripts/validator.py and scripts/cli.py via uv run in modules/plugin-dogfood-checks.md. These scripts are also external to the skill payload.
[DATA_EXFILTRATION]: The workflow in SKILL.md (Step 5) uses imbue:proof-of-work to record command outputs. This creates a potential for environmental data (file structures, diffs, tool versions) to be captured and stored or transmitted depending on the underlying tool's configuration.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) as it parses and analyzes external, untrusted Makefiles.
Ingestion points: The skill reads Makefile and *.mk files using rg and make -pn across several modules.
Boundary markers: None identified; there are no instructions to the model to ignore potential instructions embedded in the Makefiles being audited.
Capability inventory: Significant shell execution capabilities including make, pytest, git, and the external makefile_dogfooder.py script.
Sanitization: There is no evidence of sanitization or validation of the Makefile content before it is processed or used in shell commands.

makefile-review