automated-assessment

Warn

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The scripts/run-checkpoints.sh script uses the eval command to execute arbitrary shell strings provided in the pattern field of command-type checkpoints. These checkpoints are sourced from checkpoints.yaml files discovered in the local plugin cache.
  • [COMMAND_EXECUTION]: The script uses eval to perform shell expansion (brace and glob expansion) on target paths within the file_exists, contains, and regex check types. This allows for unintended shell command execution if a checkpoint target contains shell metacharacters.
  • [PROMPT_INJECTION]: The skill processes untrusted project data (e.g., README.md, source code) and external rubrics during LLM-based reviews, which presents a surface for indirect prompt injection.
  • Ingestion points: Project files and checkpoints.yaml files discovered in ~/.claude/plugins/cache/ (referenced in references/checkpoint-workflow.md).
  • Boundary markers: The agent prompt template includes instructions to verify only the provided checkpoints and return a specific JSON format, acting as a delimiter.
  • Capability inventory: The skill possesses the capability to execute shell commands via scripts/run-checkpoints.sh and create GitHub issues using the gh_api type and --create-issues flag.
  • Sanitization: No evidence of sanitization or escaping of external content before interpolation into prompts was found.
  • [EXTERNAL_DOWNLOADS]: The skill interacts with the GitHub API via the gh_api checkpoint type to verify repository metadata such as topics and labels.
  • [DATA_EXFILTRATION]: The discovery mechanism in references/checkpoint-workflow.md explicitly scans the internal agent plugin cache directory (~/.claude/plugins/cache/*/skills/*/) to read configuration and instruction files from other installed skills.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 16, 2026, 02:20 PM