NYC

doc-sync-tool

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE] (SAFE): The core logic in sync.js and watch.js uses standard Node.js fs APIs to read and write files. No suspicious operations, such as network exfiltration or credential harvesting, were found.
  • [COMMAND_EXECUTION] (LOW): Utility scripts like rename-quick.js and rename-to-uppercase.sh use system commands (find, mv) to manage file naming. These are localized to the current working directory and are used for their intended purpose of maintaining file casing consistency.
  • [DATA_EXPOSURE] (SAFE): The tool explicitly excludes sensitive directories such as .git and node_modules from its scanning and synchronization logic, preventing accidental exposure or modification of sensitive project metadata.
  • [INDIRECT_PROMPT_INJECTION] (LOW): While the tool propagates content between configuration files that might eventually be read by an AI, it does not interpret or execute the content itself. It functions as a transparent file-copying utility.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:05 PM