The Agent Skills Directory

[COMMAND_EXECUTION]: The script git_detective.py executes the git command using the subprocess module to retrieve repository change logs and statistics. This is a core function for identifying code hotspots and is performed safely without shell execution.
[EXTERNAL_DOWNLOADS]: The SKILL.md documentation describes installing the tree-sitter and tree-sitter-language-pack libraries via pip. These are well-known, legitimate packages from official registries used for source code parsing.
[PROMPT_INJECTION]: The skill ingests untrusted code from repository files to build an AST-based knowledge graph (extract_ast.py). No explicit boundary markers are present in the processing logic. The skill has capabilities to read files and execute Git commands. Analysis shows that sanitization is inherent in the AST extraction process, as it isolates structural metadata (classes, functions, imports) rather than processing the code's instructional content.

nexus-query