skills/boshu2/agentops/provenance/Gen Agent Trust Hub

provenance

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • Command Execution (SAFE): The skill uses standard shell utilities including grep, find, and basename, as well as internal environment tools ao and cass. These operations are limited to searching and metadata extraction within the .agents/ directory. No high-risk patterns like sudo, chmod 777, or piping remote content to a shell were found.
  • Indirect Prompt Injection (LOW): The skill possesses an ingestion surface for indirect prompt injection by processing external data.
      • Ingestion points: Reads markdown files located in .agents/learnings/ and .agents/patterns/ (via Read tool and grep).
      • Boundary markers: Absent; there are no specific delimiters or instructions to ignore embedded commands in the artifacts being traced.
      • Capability inventory: The skill can execute shell commands (grep, find, ao, cass) and write markdown reports.
      • Sanitization: No sanitization or validation of the content within the artifacts is performed before it is used to build the lineage report.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 05:14 PM