analyze-codebase-for-mcp

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted codebase content during its analysis phase (Steps 2 and 3). Malicious instructions embedded in source code comments, docstrings, or metadata of a target codebase could potentially influence the agent's behavior or bias the resulting tool specifications.
  • Ingestion points: File reading and grepping operations in Steps 1.1 and 2.1 using the Read and Grep tools.
  • Boundary markers: None identified; the skill lacks explicit delimiters or instructions to ignore potential commands within the analyzed code.
  • Capability inventory: The skill has access to Bash, Read, Grep, and Glob tools.
  • Sanitization: No sanitization, escaping, or validation of the codebase content is specified before the agent evaluates it for MCP suitability.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to perform codebase metrics, such as counting total files, lines of code, and exported symbols (Step 1.3). Although this is a standard analytical task, shell access used in conjunction with untrusted file paths represents a capability that should be monitored.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 27, 2026, 10:51 PM