The Agent Skills Directory

[PROMPT_INJECTION]: The skill is designed to ingest and process instructions embedded in code comments (e.g., AICODE-NOTE, AICODE-TODO), which represents a surface for indirect prompt injection.
Ingestion points: scripts/scan-codebase.sh (marker extraction via grep).
Boundary markers: Extracted content is encapsulated within a structured JSON object.
Capability inventory: The skill utilizes the Bash and Read tools.
Sanitization: Content is passed through a custom json_escape function and truncated to 200 characters to mitigate large-scale injection or context overflow.
[SAFE]: All operations are performed locally using standard system utilities. The skill does not perform network requests, download remote content, or execute external scripts from untrusted sources.
[SAFE]: The scanning script implements a robust exclusion list for directories that typically contain sensitive or voluminous data, including .git, node_modules, and virtual environments.

code-analyzer