ln-610-code-comments-auditor

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The diagram.html file references and loads the Mermaid.js visualization library from cdn.jsdelivr.net, which is an established and well-known content delivery service.
  • [COMMAND_EXECUTION]: The references/comments_rules.md file contains shell command examples including find, grep, and wc used for discovering source files, searching for patterns like TODOs, and calculating comment density ratios.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it is designed to ingest and process untrusted data from source code comments.
      • Ingestion points: The skill extracts inline comments and docstrings from all detected source files during the 'Scan' and 'Extract' phases.
      • Boundary markers: There are no explicit instructions or delimiters defined to prevent the agent from interpreting instructions contained within the comments it is auditing.
      • Capability inventory: The workflow involves file system scanning, extraction of text, and scoring, which grants the agent access to the contents of the project's source code.
      • Sanitization: The skill does not describe any sanitization or validation steps to ensure that extracted comment strings are treated as data rather than instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 28, 2026, 08:59 PM