The Agent Skills Directory

[COMMAND_EXECUTION]: The skill uses 'uv run manage.py' to perform Django system and migration checks. This requires the agent to execute shell commands within the project environment, which is the standard entry point for Django management tasks.
[REMOTE_CODE_EXECUTION]: Executing 'manage.py' triggers the loading of the Django project's settings and installed applications. If the codebase being scanned is malicious, this could result in arbitrary code execution within the agent's environment during the initialization of the Django framework.
[CREDENTIALS_UNSAFE]: The skill contains specific patterns (SEC-01, SEC-08) to detect hardcoded secrets like 'SECRET_KEY', 'api_key', and 'password'. While intended for auditing and remediation, these credentials will be extracted and displayed in the audit report, potentially leading to accidental exposure if handled incorrectly.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted code files to generate reports.
Ingestion points: Reads source code and configuration files in 'apps/' and 'config/' directories using 'grep' and file-reading operations.
Boundary markers: Absent; there are no specific markers or instructions to treat the analyzed code as non-instructional data.
Capability inventory: Shell command execution via 'uv run' and 'grep'.
Sanitization: Absent; the skill captures and directly includes snippets from the scanned files into the final markdown report without filtering potential instructions.

django-doctor