best-practices-guidelines

Pass

Audited by Gen Agent Trust Hub on Apr 24, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill's primary purpose is to provide and enforce coding best practices such as RESTful API design and Zod validation. No malicious behavior or suspicious logic was detected.
  • [DATA_EXPOSURE]: The skill includes a 'Memory Protocol' instructing the agent to read from .claude/context/memory/learnings.md. This is a documented practice for maintaining context across sessions in specific agent environments and does not constitute unauthorized data access or exfiltration.
  • [INDIRECT_PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it is designed to analyze and review external code provided by users.
    • Ingestion points: User-provided code files targeted for review (SKILL.md).
    • Boundary markers: Not explicitly defined in the instructions.
    • Capability inventory: Tools for Read, Write, and Edit operations.
    • Sanitization: No explicit sanitization or filtering of input code content is mentioned.
    • Risk: This surface is necessary for the skill's intended functionality as a code reviewer and is considered a standard operational risk rather than a vulnerability.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 24, 2026, 09:27 AM