rq-report-renderer

Pass

Audited by Gen Agent Trust Hub on Apr 27, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/render_report.py contains logic to execute shell commands (xdg-open or open) via the subprocess.run function. This functionality is triggered only when the --open flag is explicitly provided by the user, and its purpose is to open the generated HTML report in a browser. The implementation uses argument lists, which is a standard security practice to prevent shell injection.
  • [SAFE]: The skill performs expected file system operations, including reading Markdown files and writing HTML output, consistent with its stated purpose. It employs standard HTML escaping to mitigate potential Cross-Site Scripting (XSS) risks in the generated reports and does not exhibit any patterns of data exfiltration, obfuscation, or persistence.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 27, 2026, 06:12 AM