The Agent Skills Directory

[COMMAND_EXECUTION] (SAFE): The 'apply_migration.py' script executes 'git mv' and directory creation commands using the subprocess module. It correctly passes arguments as lists, which effectively prevents shell injection vulnerabilities.\n- [DATA_EXFILTRATION] (SAFE): No evidence of network operations, credential harvesting, or unauthorized data access was found. The skill operates exclusively on the local repository filesystem and explicitly avoids sensitive configuration files.\n- [PROMPT_INJECTION] (SAFE): The 'scaffold_manifest.py' script includes a protective heuristic that automatically ignores all hidden files and directories (starting with '.') as well as common sensitive directories like 'node_modules' and 'venv'. This prevents the accidental migration or exposure of sensitive metadata.\n- [REMOTE_CODE_EXECUTION] (SAFE): The skill uses 'yaml.safe_load' to process the migration manifest, ensuring that the YAML content cannot trigger arbitrary code execution during the loading process.\n- [DATA_EXPOSURE] (SAFE): The manifest-based workflow provides a clear opportunity for the agent or a human user to review planned changes, mitigating the risk of moving sensitive files into public-facing directories.

repo-maintainer