m11-ecosystem

Pass

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: LOW
COMMAND_EXECUTION
Full Analysis
  • COMMAND_EXECUTION (LOW): The skill uses shell command execution to read local file contents.
      • Evidence: The file SKILL.md contains the command !grep -A 100 '^\\[dependencies\\]' Cargo.toml 2>/dev/null | head -30. This command is used to inject the current project's dependency list into the agent's context. While the command is static and performs a read-only operation, it represents a shell execution surface.
  • DATA_EXFILTRATION (INFO): The skill accesses project configuration data.
      • Evidence: The skill reads Cargo.toml. However, there are no network-capable tools (like curl or wget) or instructions to transmit this data to an external server.
  • INDIRECT_PROMPT_INJECTION (LOW): The skill processes untrusted local project files.
      • Ingestion points: Cargo.toml via the grep command.
      • Boundary markers: None present in the command output injection.
      • Capability inventory: Shell command execution via the ! syntax.
      • Sanitization: None.
      • Assessment: The risk is low because the data is only used for display and context for the AI's reasoning about crate selection, rather than being used to construct further executable commands.
Audit Metadata
  Risk Level: LOW
  Analyzed: Feb 16, 2026, 05:16 AM