flow-next-opencode-prime
Warn
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill executes arbitrary shell commands for project verification, including 'pytest --collect-only', 'npx jest --listTests', and 'pnpm build --help' (as defined in workflow.md). Executing these commands on an untrusted repository poses a risk, as project-specific configurations or malicious test suites could trigger unexpected code execution during the discovery or dry-run phase.
- [EXTERNAL_DOWNLOADS]: The remediation templates (remediation.md) recommend installing pre-commit hooks from 'github.com/pre-commit/pre-commit-hooks' and 'github.com/astral-sh/ruff-pre-commit'. These are well-known and reputable sources for developer tooling and are used here to improve local feedback loops.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from the repository being analyzed.
  - Ingestion points: Repository files and structure are scanned by multiple 'scout' tasks (e.g., 'tooling-scout', 'testing-scout', 'docs-gap-scout') as described in workflow.md.
  - Boundary markers: The skill lacks explicit delimiters or instructions to ignore embedded commands within the files it analyzes.
  - Capability inventory: The skill has the ability to execute shell commands, modify project configuration files (like 'package.json'), and create new documentation or environment files.
  - Sanitization: There is no evidence of sanitization or strict schema validation for the data ingested from the repository before it is used to generate scores and remediation recommendations.