project-migration

Warn

Audited by Gen Agent Trust Hub on Apr 6, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The audit phase defined in references/phase-guide.md instructs the agent to "Run the project and document startup, build, and release behavior". This encourages the execution of arbitrary commands found within a target project's configuration (such as npm scripts). When applied to "inherited or undocumented" projects as specified in the skill's purpose, this presents a risk of executing malicious code embedded in the project's build routines.
  • [DATA_EXFILTRATION]: The skill's instructions (Operating Rule 5 in SKILL.md) and documentation templates (in references/artifact-templates.md) direct the agent to "Inspect and record hidden dependencies, especially... env vars" and inventory "Environment Variables". Recording active environment variables in plain-text markdown files (e.g., docs/migration/04-dependency-inventory.md) poses a risk of exposing sensitive secrets, API keys, and other credentials.
  • [PROMPT_INJECTION]: The skill's core function involves analyzing and processing external, potentially untrusted project repositories. This creates an attack surface for indirect prompt injection, where malicious instructions hidden in the analyzed codebase could influence the agent's behavior.
      • Ingestion points: The audit and map phases read various files from the target repository.
      • Boundary markers: None identified to prevent the agent from following instructions found within project data.
      • Capability inventory: The agent has the capability to write files and execute shell commands.
      • Sanitization: No sanitization or validation steps are mentioned for ingested content.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 6, 2026, 06:51 AM