The Agent Skills Directory

[PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill is designed to analyze and summarize untrusted source code and documentation from a repository, which could contain malicious instructions meant to subvert the agent's behavior. 1. Ingestion points: The skill reads the entire repository source tree and all files in the docs directory. 2. Boundary markers: The skill does not implement delimiters or ignore-instructions warnings for the content it analyzes. 3. Capability inventory: The skill can execute internal Python scripts and write documentation files to the file system. 4. Sanitization: No sanitization is performed on the ingested repository content before processing.
[COMMAND_EXECUTION]: Local script execution. The skill relies on bundled Python scripts (repo_inventory.py and bootstrap_doc_plan.py) to perform repository scanning and document planning.
[DATA_EXFILTRATION]: Sensitive file path identification. The repo_inventory.py script explicitly looks for and lists the presence of .env and .env.example files. While the script only identifies the filenames for inventory purposes and does not read the contents, these files typically contain sensitive credentials.

codebase-doc-writer