project-analyze
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses Bash shell commands to identify the project's folder structure and locate manifest files for stack detection. Evidence: Executes 'find [project_root] -maxdepth 2 -type d' to map the organizational layout. These commands are constrained to the local file system for discovery purposes.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection by ingesting untrusted content from the codebase into the agent's context during reporting.
  1. Ingestion points: Reads 'openspec/config.yaml', project manifests (e.g., package.json), and up to 20 source code files for convention sampling.
  2. Boundary markers: Uses specific markdown markers (e.g., ) to manage report sections, but lacks explicit instructions to treat code samples as untrusted or to ignore instructions embedded within the sampled source text.
  3. Capability inventory: Employs file system traversal via Bash and utilizes 'Read' and 'Write' tools to modify analysis-report.md and context files.
  4. Sanitization: There is no evidence of sanitization or filtering of content sampled from source code before it is transcribed into project-level reports.