code-cleanup

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute common development and static analysis commands such as grep, ruff, vulture, gocyclo, and goimports. These are used for scanning code and applying auto-fixes as described in SKILL.md and references/scan-commands.md.
  • [EXTERNAL_DOWNLOADS]: The instructions and documentation (references/tools.md) recommend the installation of external tools via official package managers (pip install, go install). These are standard tools for the supported languages and the skill does not attempt to download or execute untrusted scripts from the internet.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it ingests and processes untrusted source code from the project being scanned. If the repository contains malicious instructions within comments or code, they could potentially influence the agent when displayed in report summaries.
    ◦ Ingestion points: The skill reads source code via Read, Grep, and Glob tools as defined in SKILL.md.
    ◦ Boundary markers: No specific delimiters or instructions to ignore embedded content are used when formatting code snippets into the final report.
    ◦ Capability inventory: The skill has access to Bash, Write, Edit, and Task tools, which could be exploited if an indirect injection successfully overrides agent instructions.
    ◦ Sanitization: The skill does not sanitize or escape the content of the code snippets before presenting them in the report.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 30, 2026, 12:34 PM