license-checker
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a bash script containing find, jq, and grep to analyze the local node_modules directory. This activity is restricted to the local project environment and is essential for the skill's primary auditing function.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it processes external data from third-party packages.
  1. Ingestion points: package.json, LICENSE, and README files.
  2. Boundary markers: Absent.
  3. Capability inventory: Local bash command execution.
  4. Sanitization: Inputs passed to the LLM are truncated to 500 characters.

  This vulnerability surface is inherent to the auditing task and does not escalate the overall verdict given the skill's limited scope and purpose.
Audit Metadata