The Agent Skills Directory

[SAFE]: No malicious code, obfuscation, or unauthorized data access was detected. The skill's behavior is transparent and confined to the local workspace following user confirmation.\n- [NO_CODE]: This skill consists of natural language instructions and metadata; no executable scripts or binaries are shipped within the skill files.\n- [EXTERNAL_DOWNLOADS]: The skill is acquired via the author's public repository (README.md), which is a standard installation method for this platform and does not impact runtime security.\n- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it ingests data from local project files to identify documentation conventions (SKILL.md, Phase 1). Evidence chain: 1. Ingestion point: Local file system scanning (SKILL.md, Phase 1); 2. Boundary markers: Absent; 3. Capability inventory: File-write access to docs/ARTIFACT_NORMS.md and .ai-cortex/artifact-norms.yaml; 4. Sanitization: Risk is mitigated by a mandatory user confirmation step before any write operation (SKILL.md, Phase 4).

discover-document-norms