design-sync

Pass

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (LOW): The skill invokes several shell commands including ls, grep, sed, git, and go list. These are used to inspect the repository structure and history. While these commands are standard development tools, the use of shell execution (!) is a high-privilege capability that should be monitored.
  • [DATA_EXFILTRATION] (LOW): The skill accesses internal project files such as DESIGN.md and source code within the internal/ directory. This constitutes data exposure to the LLM. No external network requests were detected, limiting the risk to the agent context.
  • [PROMPT_INJECTION] (LOW): There is a surface for indirect prompt injection (Category 8) because the skill processes content from DESIGN.md.
      • Ingestion points: DESIGN.md (read via sed, grep, and head).
      • Boundary markers: Absent; the content is piped directly into analysis instructions without delimiters.
      • Capability inventory: Local shell execution (ls, sed, grep, git, go).
      • Sanitization: Absent; the skill does not escape or validate the contents of the documentation before processing.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 18, 2026, 01:14 AM