The Agent Skills Directory

[DYNAMIC_EXECUTION]: The master script scripts/analyze_all.py dynamically loads and executes modular analyzer scripts (e.g., find_deferred_work.py, find_security_issues.py) from its local directory using the importlib module.
[COMMAND_EXECUTION]: Several scripts execute external command-line tools using subprocess.run to perform their analysis. scripts/analyze_test_coverage.py executes pytest, scripts/check_dependencies.py executes pip and pip-audit, and scripts/find_security_issues.py executes bandit.
[EXTERNAL_DOWNLOADS]: The documentation in SKILL.md recommends installing third-party tools from well-known sources, including bandit, pip-audit, and pytest-cov from the Python Package Index (PyPI).
[INDIRECT_PROMPT_INJECTION]: The skill processes untrusted external codebases, which provides a surface for indirect prompt injection attacks.
Ingestion points: All Python files in the user-provided directory are scanned by the analyzer scripts.
Boundary markers: The skill does not use specific boundary markers or instructions to isolate the content of the analyzed files from the agent's core instructions.
Capability inventory: The skill has the ability to read local files and execute system commands through established tools like pip and pytest.
Sanitization: The scripts extract and display raw content from analyzed files, such as TODO or FIXME comments, which could contain malicious instructions for the agent.

technical-debt-detector