ln-110-project-docs-coordinator

Fail

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: HIGH
Findings: DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill intentionally accesses sensitive system configuration files that may contain infrastructure secrets or network topologies.
      • Evidence: Scanning ~/.ssh/config to extract SSH aliases, hostnames, and IP addresses for the 'SERVER_INVENTORY' field.
      • Evidence: Extracting artifact repository URLs and registry settings from .npmrc.
      • Evidence: Parsing .env.example files which, while often sanitized, can occasionally contain sensitive default values or reveal internal environment naming conventions.
  • [COMMAND_EXECUTION]: The skill executes system commands and performs deep file system discovery to gather context.
      • Evidence: Execution of git log to extract frequent committer names and emails.
      • Evidence: Recursive scanning of directory structures including src/ and migrations/.
  • [PROMPT_INJECTION]: The skill exhibits a significant surface for indirect prompt injection by processing untrusted project data.
      • Ingestion points: README.md, package.json, CODEOWNERS, and git history are read directly into the agent context (SKILL.md Phase 1.1).
      • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are used when building the Context Store.
      • Capability inventory: The skill has the ability to invoke multiple sub-skills (ln-111 through ln-115) and use MCP tools like mcp__Ref and WebSearch (SKILL.md Phase 2).
      • Sanitization: There is no evidence of sanitization or filtering of the strings extracted from project files before they are passed to the Context Store and subsequent workers.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 13, 2026, 01:43 PM