codebase-researcher

Pass

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/deep_research.sh executes shell commands to discover directories and spawns subagents using the claude CLI with Bash tool access enabled. Although the script defaults to a read-only permission mode, the configuration grants the agents the capability to execute shell commands for system exploration.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it systematically processes untrusted codebase files and presents them to highly autonomous agents initialized with open-ended instructions (e.g., "complete freedom to choose your research approach").
  • Ingestion points: Local files (source code, documentation, configuration) read via the Read, Glob, and Grep tools.
  • Boundary markers: Not present; the instructions do not include delimiters or warnings to ignore embedded directives in codebase files.
  • Capability inventory: Read, Glob, Grep, Bash, and filesystem writes via the research script's output redirection.
  • Sanitization: Absent; the skill extracts and summarizes content from all discovered code files without filtering for malicious prompt patterns.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 28, 2026, 01:07 PM