kata-map-codebase

Pass

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION] (SAFE): The skill utilizes standard bash utilities such as mkdir, cat, grep, and wc to manage its internal planning directory and read configuration files. It also performs local git operations to commit generated documentation. These actions are transparent and consistent with the skill's purpose.
  • [DATA_EXFILTRATION] (SAFE): The analysis found no network requests, usage of curl or wget towards external domains, or attempts to access sensitive system files like SSH keys or cloud provider credentials.
  • [INDIRECT_PROMPT_INJECTION] (LOW): Because the skill is designed to analyze arbitrary codebases, it inherently exposes a surface for indirect prompt injection.
      • Ingestion points: mapper agents read various files from the codebase.
      • Boundary markers: No specific delimiters or safety instructions are defined to encapsulate the ingested code.
      • Capability inventory: The skill has access to the local file system and git.
      • Sanitization: No sanitization of the codebase content is performed before it is processed by the agents.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 18, 2026, 08:19 PM