performance-analysis

Warn

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill documentation and examples recommend using 'npx' to execute the 'claude-flow' package directly from the public npm registry.
      • Evidence: Multiple usage examples in SKILL.md (e.g., npx claude-flow bottleneck detect).
  • [REMOTE_CODE_EXECUTION]: The skill includes a JavaScript example that uses dynamic execution for running shell commands.
      • Evidence: scripts/analyze-performance.js uses child_process.exec to run npx commands.
  • [COMMAND_EXECUTION]: The skill provides commands designed to modify system configurations and apply optimizations automatically.
      • Evidence: The --fix flag in the bottleneck detect command suggests it can alter swarm topology and agent settings.
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection by processing external metrics to generate recommendations.
      • Ingestion points: Ingests data such as cpu_usage, memory_growth_percent_per_hour, and response_time_ms as seen in evals/performance-analysis.yaml.
      • Boundary markers: No clear delimiters or instructions to ignore embedded commands are present in the documentation or schema.
      • Capability inventory: The skill can execute shell commands (exec) and write to the filesystem (fs.writeFileSync).
      • Sanitization: There is no evidence of sanitization or strict validation of the performance metrics before they are processed by the agent.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 6, 2026, 09:36 AM