The Agent Skills Directory

[COMMAND_EXECUTION]: The SKILL.md file defines a mandatory 'Memory Protocol' instructing the agent to execute cat .claude/context/memory/learnings.md to retrieve context. While intended for persistence, this involves direct shell command execution to access local filesystem data.
[PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it is designed to ingest and process untrusted external data (Java source code).
Ingestion points: Java files located at **/src/main/java/com/example/dtos/*.java as defined in the skill's globs.
Boundary markers: The instructions lack explicit delimiters or warnings to ignore instructions embedded within comments or strings in the processed code.
Capability inventory: The skill is granted significant capabilities including Read, Write, and Edit tools, alongside the shell execution mentioned in the Memory Protocol.
Sanitization: There is no evidence of sanitization or safety-filtering for instructions that might be contained within the files the agent is tasked to review.
[SAFE]: Analysis of scripts/main.cjs and the hook files shows standard logic for a CLI utility and execution lifecycle management with no signs of obfuscation, credential theft, or unauthorized network operations.

dto-conventions