gsp-audit

Pass

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local shell script located at dev/scripts/audit-tests.sh using the Bash tool. It passes user-supplied $ARGUMENTS directly to this script to filter test execution (e.g., 'contracts', 'versions').
  • [COMMAND_EXECUTION]: The skill uses node -e to programmatically extract and compare version strings from package.json and .claude-plugin/plugin.json. It also uses node -c to perform syntax validation on bin/install.js.
  • [INDIRECT_PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests data from external files (skills and agents) and has significant system capabilities (Bash, Node.js).
      • Ingestion points: Reads content from all files within gsp/skills/ and gsp/agents/ during contract and installer checks.
      • Boundary markers: No specific delimiters or 'ignore' instructions are used when reading these files; however, the agent is instructed to use specific tools like grep and cat for targeted extraction rather than open-ended reasoning on the file content.
      • Capability inventory: The skill can execute arbitrary shell commands via Bash and run Node.js code, which are used for testing and version verification.
      • Sanitization: No explicit sanitization of the file content is performed before processing, though the logic relies on pattern matching for specific frontmatter fields and references.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 23, 2026, 07:13 PM