ln-643-api-contract-auditor

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is a static analysis tool that audits API contracts using Grep and Glob patterns. It does not execute the code being analyzed, maintaining a safe operation profile.
  • [EXTERNAL_DOWNLOADS]: The skill specifies a fallback URL for fetching its own reference and configuration files from the vendor's official GitHub repository (https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/). This is intended functionality for self-configuration.
  • [COMMAND_EXECUTION]: The allowed Bash tool is used within the documented workflow for file system discovery and environment verification. No patterns for arbitrary command injection or privilege escalation were found.
  • [PROMPT_INJECTION]: The skill ingests untrusted codebase files, creating a surface for indirect prompt injection. Evidence Chain: (1) Ingestion points: Project source code read via Read, Grep, and Glob tools. (2) Boundary markers: None. (3) Capability inventory: Bash usage and file system writing for reporting. (4) Sanitization: No content-based sanitization is applied. This risk is considered low and inherent to the skill's purpose as an auditor.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 22, 2026, 11:43 PM