The Agent Skills Directory

[COMMAND_EXECUTION]: The skill uses the Bash tool to execute project-specific commands like test runners (npm test, pytest), compilers (tsc), and build scripts to verify that refactoring does not break existing functionality. While standard for development tools, this involves executing code defined within the target repository.
[SAFE]: The provided static analysis script ('analyze_codebase.py') includes a security-positive exclusion list that prevents it from scanning sensitive directories such as .env, .git, and node_modules. This design choice reduces the risk of accidental exposure of credentials or private metadata in generated reports.
[PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it ingests and processes untrusted code from a target repository and possesses execution capabilities. Ingestion points: local codebase files identified by the agent. Boundary markers: none explicitly defined in the agent instructions to separate untrusted code data from the agent's control flow. Capability inventory: file system modification, deletion, and shell command execution. Sanitization: relies on the user's existing environment and project configuration for command execution.

code-cleanup