The Agent Skills Directory

[COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute npm run build and npm test (SKILL.md, Step 9). These commands are run locally to validate that the project continues to function correctly after any environment variable deletions during the cleanup phase. This is an intended safety feature of the skill.
[PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it reads and processes external project files, including environment configurations and source code (SKILL.md, Steps 1-3).
Ingestion points: The skill ingests .env* files and source files (.js, .ts) using the Grep and Read tools.
Boundary markers: No specific delimiters or "ignore embedded instructions" warnings are implemented in the prompt logic to differentiate file content from system instructions.
Capability inventory: The agent has access to Bash (command execution), Write/Edit (file modification), and AskUserQuestion (interactive confirmation).
Sanitization: Ingested file contents are analyzed for patterns without explicit sanitization to filter potential injection attempts embedded in code comments or strings.
[DATA_EXFILTRATION]: The skill is designed to read sensitive files such as .env and .env.local as part of its primary auditing purpose (SKILL.md, Step 1). However, the skill only generates local reports and does not utilize any network tools or communicate with external domains to transmit the discovered sensitive data.

audit-env-variables