story-repo-scout
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is designed for repository scouting and information retrieval. It emphasizes evidence-based identification of file paths (routes, symbols, tests) rather than speculative matches.
- [COMMAND_EXECUTION]: The skill suggests using standard, non-destructive tools like `rg --files` (ripgrep) for mapping the repository. It contains explicit constraints forbidding the execution of `install`, `build`, `migration`, or `test` commands during the scouting process, reducing the risk of accidental or malicious code execution.
- [DATA_EXPOSURE]: While the skill reads repository files to find context, it lacks instructions to access sensitive directories such as `.ssh`, `.aws`, or `.env`. It focuses on domain-specific files like data models, schemas, and implementation handlers.
- [PROMPT_INJECTION]: The instructions do not contain any patterns designed to override agent safety protocols or bypass system constraints. It includes a logical flow for handling vague inputs by redirecting to a clarifier skill rather than attempting to force a response.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data (story cards/tickets) and has the capability to read repository files and append output to files. However, it uses structured Markdown blocks for output and focuses on matching concrete terms, which minimizes the risk of the agent following instructions embedded in the story cards.
Audit Metadata