analyzing-test-coverage

Pass

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The SKILL.md file uses dynamic context injection to run environment status commands (ls, node -v). These are benign checks performed at skill load time to determine project manifests and available runtimes.
  • [COMMAND_EXECUTION]: The scripts/generate_report.py script includes a utility to generate shell scripts and set executable permissions (chmod 0o755). This is a standard feature for generating local automation scripts and does not process untrusted remote data.
  • [PROMPT_INJECTION]: The skill processes external coverage data (LCOV/JSON), creating a surface for indirect prompt injection. However, the execution environment is restricted by the platform's allowed tools, and the skill primarily performs data extraction, minimizing the risk of instruction override. Mandatory Evidence Chain:
    • Ingestion points: SKILL.md instructions and assets/configuration_template.yaml (coverage report files).
    • Boundary markers: Absent.
    • Capability inventory: Read, Write, Edit, Grep, Glob, Bash.
    • Sanitization: Not explicitly implemented in provided script stubs.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 13, 2026, 09:30 PM