analyze-architecture
Warn
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill attempts to execute external Python scripts located at '.claude/skills/bmad-commands/scripts/extract_tech_stack.py' and 'validate_metrics.py'. These dependencies are outside of the skill's own package and their source or integrity cannot be verified, creating a risk of executing unverified code if the target path is compromised.
- [COMMAND_EXECUTION]: Uses 'npx tsc --noEmit' to analyze codebase quality. Executing a compiler or build tool like 'tsc' on an untrusted codebase is a risk factor, as it may interact with malicious configuration files (e.g., 'tsconfig.json') or local 'node_modules' in a way that leads to arbitrary code execution.
- [DATA_EXFILTRATION]: The skill explicitly searches for and reads sensitive information, including strings like 'AWS_SECRET', 'API_KEY', and 'PASSWORD', as well as scanning '.env' files. While intended for security analysis, this behavior exposes credentials to the agent's context and incorporates them into the generated analysis report.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. (1) Ingestion points: Reads files from the target codebase root, including source code, configuration files, and documentation. (2) Boundary markers: None identified; untrusted codebase content is processed directly by commands without delimiters or safety instructions. (3) Capability inventory: Execution of shell commands (find, grep, cat), execution of Python scripts, and generation of local markdown/JSON report files. (4) Sanitization: No evidence of sanitization or validation of the content read from the target codebase before it is used in further commands or report generation.
Audit Metadata