mapping-codebases

Warn

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION, REMOTE_CODE_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The script scripts/codemap.py contains logic to download binary tree-sitter parser libraries (.so files) from https://github.com/kreuzberg-dev/tree-sitter-language-pack as a fallback mechanism if the required parsers are not found locally or in the bundled directory.
  • [REMOTE_CODE_EXECUTION]: Binary libraries downloaded from the unvetted external source are subsequently loaded and executed by the Python runtime to parse source code. This represents a significant risk as the binaries originate from an organization not identified as a trusted vendor.
  • [COMMAND_EXECUTION]: The script scripts/codemap.py uses the subprocess.run function to execute system commands including curl, tar, and zstd to facilitate the downloading and extraction of binary parser assets.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from a target codebase and presents it to the agent without sufficient isolation.
      • Ingestion points: scripts/codemap.py reads content from all source files in the provided directory path to extract symbol names and docstrings.
      • Boundary markers: Absent. Extracted symbol names, function signatures, and docstring summaries are placed directly into Markdown lists in _MAP.md files without delimiters or warnings to the agent.
      • Capability inventory: The skill has the ability to write files to the local filesystem and execute shell commands via subprocess.
      • Sanitization: Absent. There is no sanitization or filtering of the extracted text before it is written to the documentation files used by the agent.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 17, 2026, 08:51 AM