The Agent Skills Directory

[Command Execution] (SAFE): The scripts map-structure.sh, find-entry-points.py, and trace-imports.py utilize standard system commands (find, tree) and Python standard library modules (pathlib, re) to inspect local directory structures and file contents. They do not execute arbitrary shell commands from untrusted inputs or perform privilege escalation.
[Data Exposure & Exfiltration] (SAFE): No network-capable functions (like curl, requests, or fetch) are present in the scripts. The skill's primary function is local reconnaissance for the purpose of code investigation, and it does not access sensitive system paths (e.g., .ssh, .aws) or hardcoded credentials.
[Obfuscation] (SAFE): All files are provided in cleartext with no signs of Base64 encoding, zero-width characters, or homoglyph-based evasion techniques.
[Prompt Injection] (SAFE): The markdown documentation (investigation-checklist.md, common-patterns.md) contains instructional content designed to guide the agent through a structured investigation process. There are no attempts to override system prompts, bypass safety filters, or extract initial instructions.
[Remote Code Execution] (SAFE): No external dependencies are downloaded or executed. The scripts are self-contained and rely only on standard runtime environments (Python 3, Bash).

investigating-codebases