code-quality
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Full Analysis
- Prompt Injection (SAFE): No instructions designed to bypass safety filters, extract system prompts, or override agent behavior were detected. Documentation uses terms like 'CRITICAL' strictly to denote code quality errors (e.g., prohibiting 'any' types in TypeScript).
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials or unauthorized network transmission logic was found. The automated scanner alert for 'logger.info' is a false positive; it identifies documentation examples of structured logging rather than a malicious URL.
- Obfuscation (SAFE): All files are cleartext and human-readable. There is no use of Base64 encoding, zero-width characters, homoglyphs, or other techniques to hide malicious intent.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The shell and Python scripts in the scripts/ directory call standard local binaries (e.g., ruff, mypy, eslint, cargo). They do not download or execute remote scripts from untrusted sources.
- Indirect Prompt Injection (LOW): The skill facilitates the ingestion of untrusted external content by instructing the agent to review diffs and PRs (gh pr diff). This creates a standard attack surface where a malicious PR could attempt to influence the agent. However, the skill provides rigid checklists and security rules to mitigate this risk, and its primary capability is providing text-based reviews.
- Dynamic Execution (SAFE): While scripts/check_style.py utilizes subprocess.run to invoke linters, it does so on local file paths. No unsafe deserialization (e.g., pickle.load on external data) or runtime code generation from untrusted input was identified.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata