The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill provides a fallback mechanism to fetch configuration and reference files from the author's official GitHub repository (github.com/levnikolaevich/claude-code-skills) if local files are missing. This is a documented behavior for maintaining skill dependencies.
[COMMAND_EXECUTION]: The skill uses Bash, Grep, and Glob tools to search the codebase for business-critical keywords like 'payment' and 'auth'. These operations are restricted to scanning and do not involve executing external code.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests and processes untrusted data from the codebase being audited. Evidence: 1. Ingestion points: Codebase files and routes identified during scanning. 2. Boundary markers: The skill does not implement specific delimiters or 'ignore' instructions when reading file content. 3. Capability inventory: The agent has access to Bash, Read, Grep, and Glob tools. 4. Sanitization: There is no evidence of content validation or escaping before the data is processed in the agent's context.

ln-632-test-e2e-priority-auditor