agent-readiness-report
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides five bash scripts (e.g., scripts/scan_agent_instructions.sh, scripts/scan_build_env.sh) meant to be run locally by the user or agent. These scripts use benign system commands such as find, grep, and ls to gather information about the repository's configuration. No destructive or network-facing commands were found.
- [PROMPT_INJECTION]: The skill represents a surface for indirect prompt injection because it processes untrusted data from the repository being analyzed. This risk is inherent to tools that parse external project files and present them to an AI agent.
  - Ingestion points: The scanner scripts read file names, directory structures, and the contents of documentation files (README.md, etc.) and configuration files.
  - Boundary markers: The skill's instructions do not include specific delimiters or instructions for the agent to ignore potentially malicious embedded content within the analyzed repository.
  - Capability inventory: The scripts are read-only observers, but the agent uses the collected data to synthesize a report, which is a qualitative task.
  - Sanitization: There is no explicit sanitization of filesystem metadata or grepped content before it is processed by the agent.