The Agent Skills Directory

[COMMAND_EXECUTION]: The skill makes extensive use of system-level operations to manage codebases. scripts/dashboard.js utilizes execAsync to invoke maintenance scripts and control the local server. scripts/batch-llm-runner.js spawns codeagent-wrapper to interface with the LLM, while testing scripts like scripts/test-result.js execute vitest via spawn.- [COMMAND_EXECUTION]: scripts/hook.js provides a utility to establish persistence by modifying the global and project-specific Claude Agent settings.json files. It installs PostToolUse and UserPromptSubmit hooks that automatically execute automation scripts (e.g., update.js, stale-notify.js) during normal developer workflows, such as commits or session starts.- [REMOTE_CODE_EXECUTION]: Automation scripts such as scripts/audit-fix.js, scripts/test-fix.js, and scripts/test-generator.js generate code patches and new test files by processing output from a remote LLM. These patches are directly applied to the local filesystem using fs.writeFile. This mechanism represents a bridge from remote model output to local executable code, although it is constrained by safety instructions in the system prompts.- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks as it ingests source code from the project environment and interpolates it into worker prompts for analysis and auditing in module-analyzer.js. While mitigated by a SAFETY_PROMPT_PREFIX that forbids command execution, the ingestion of untrusted codebase data combined with file-modification capabilities creates an inherent attack surface.- [EXTERNAL_DOWNLOADS]: The Dashboard interface (pages/dashboard.html) references external assets including Tailwind CSS and Google Fonts from well-known CDNs. These are standard for modern web interfaces and originate from trusted domains.

project-index