sobriety-tools-guardian
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill's management scripts (perf-audit.ts, bundle-analyzer.ts, and crisis-path-test.ts) use execSync to run CLI tools such as lighthouse and git. These operations are performed on hardcoded URLs and local directories to generate performance reports.
- [EXTERNAL_DOWNLOADS]: The skill performs network requests using fetch to interact with the GitHub API for issue tracking and a project-specific Cloudflare Worker for cache monitoring. These endpoints are well-known or directly associated with the skill's infrastructure.
- [DATA_EXFILTRATION]: The skill is designed to automatically transmit performance audit data to a GitHub repository to file issues. This functionality requires access to a GITHUB_TOKEN from the environment to perform its documented maintenance tasks.
- [CREDENTIALS_UNSAFE]: The script perf-audit.ts accesses the GITHUB_TOKEN environment variable to authenticate with GitHub. While this is a standard practice for automated tools, it establishes a dependency on high-privilege credentials in the execution environment.
- [PROMPT_INJECTION]: The skill defines logic to process user-generated journal entries and check-in scores for crisis detection, representing an indirect injection surface.
  * Ingestion points: Data enters the context via database queries to daily_checkins and journal tables (references/CRISIS_DETECTION.md).
  * Boundary markers: No specific delimiters or safety warnings are implemented in the logic snippets to distinguish untrusted data.
  * Capability inventory: The skill can execute local auditing scripts via Bash and perform network writes to the GitHub API.
  * Sanitization: Sentiment analysis is performed via hardcoded keyword matching and score-based thresholds rather than direct prompt interpolation for LLM decision making.
Audit Metadata