The Agent Skills Directory

[COMMAND_EXECUTION]: Local metadata analysis. The skill uses shell commands like git log and file scans (package.json, Cargo.toml, etc.) to infer project conventions and dependencies. These read-only operations are performed locally to prepopulate documentation and do not involve executing untrusted scripts or remote commands.
[DATA_EXFILTRATION]: No network activity. The skill reads project configuration files and environment examples (.env.example) to identify service integrations, but it lacks any networking capabilities or instructions to transmit this data to external servers.
[PROMPT_INJECTION]: Indirect injection surface. The skill ingests untrusted project data (e.g., contents of README.md or existing .context/ files) and interpolates it into prompts for subagents during the analyze action (references/actions/analyze.md). While explicit boundary markers are absent in the templates, the data remains confined to the user's own project environment, posing no significant risk of exploitation in this context.
[SAFE]: Transparency and confirmation. The skill follows best practices by explicitly showing the user what information it has detected and requiring confirmation before writing or updating any files in the repository. Its operations are scoped to a dedicated .context/ directory.

kickoff