ln-644-dependency-graph-auditor
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill configuration in SKILL.md specifies a fallback mechanism to fetch missing reference or shared files from the author's repository at https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/{path}. This is a vendor-managed source for skill components.
- [PROMPT_INJECTION]: The skill analyzes untrusted data from the codebase being audited, including source code files and architectural documentation (e.g., docs/architecture.md, docs/project/dependency_rules.yaml). This ingestion of external content without explicit sanitization or strict boundary markers creates a surface for indirect prompt injection. A malicious file in the audited project could contain instructions designed to influence the agent's behavior during the audit process.
  - Ingestion points: Files accessed via Glob, Grep, and Read tools in the codebase_root.
  - Boundary markers: Instructions do not specify the use of delimiters or warnings to ignore embedded instructions when processing these files.
  - Capability inventory: The skill uses tools like Bash, Grep, and Glob to perform analysis and generate reports.
  - Sanitization: Content from audited files is processed without validation or escaping.
Audit Metadata