refactor

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a significant attack surface for indirect prompt injection. It is designed to ingest and process untrusted source code during its proactive scanning and manual refactoring workflows.
      • Ingestion points: External source code files and user-provided code blocks processed as described in SKILL.md and its triggers.
      • Boundary markers: Absent. There are no instructions to the agent to distinguish between the code being refactored and potential instructions hidden within that code (e.g., in comments).
      • Capability inventory: The skill requires shell access to execute testing frameworks (pytest, rspec), linters (ruff, rubocop), and type checkers (mypy, steep), providing a direct path for command execution via malicious code or test cases.
      • Sanitization: Absent. The skill assumes that the input code and its associated tests are safe for analysis and execution.
  • [COMMAND_EXECUTION]: The skill explicitly instructs the agent to run development tools that execute code in the local environment. This includes commands such as pytest, ruff, mypy, rspec, and rubocop. While standard for a TDD workflow, this capability could be abused if the code or tests being processed are controlled by an attacker.
  • [EXTERNAL_DOWNLOADS]: The skill documentation suggests the installation of additional development utilities such as dead for Python and dead_end for Ruby. These are standard, well-known packages from official registries used for identifying unused code and syntax issues.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Apr 2, 2026, 05:55 PM