final-audit
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill defines a set of instructions for code review and reporting. It does not contain scripts, shell commands, or network operations. All activities, including reading files and saving reports, are performed locally within the agent's environment and under the user's guidance.
- [SAFE]: The skill possesses an indirect prompt injection surface as it is designed to process untrusted source code and documentation.
  - Ingestion points: Reads PRD issues, child issues, and all files identified within the implementation scope (SKILL.md).
  - Boundary markers: Absent; the skill does not specify the use of delimiters to separate instructions from audited data.
  - Capability inventory: Local file read (for audit exploration) and local file write (for saving the final report).
  - Sanitization: Absent; there are no explicit instructions to ignore instructions embedded within the files being audited.

  This is a standard risk for auditing tools and is noted as a low-risk surface.
Audit Metadata